How to spot a fake app

Fake apps are designed to trick users into believing they are legitimate applications so they can do their dirty job. The intentions might vary. Some fake Android apps will show you annoying ads, while others might monitor your activity, install malware, and steal personal information. They typically fall into three categories:

• Imposters. These fake apps mimic successful ones, trying to look like the original. They might have the same interface, the same description, and even the same name to trick users. Once you download an imposter, it can leave you with malware and an empty bank account.
• Potentially harmful applications. A flashlight, a calorie checker, a step counter — there are plenty of apps that do what they promise, but behind the scenes they infect your smartphone or steal data.
• Inappropriate content. These are apps promoting pornography, illegal activities, violence, or hate speech. It can be a simple alarm clock or a racing game, constantly bombarding you with inappropriate ads or redirecting you to harmful websites.

If you type “calculator” in the search bar on Google Play, you will see endless results. Doesn’t this make you wonder why there are so many of them? The short answer is that some Android apps are malicious. Fake apps can reside for months on Google Play or the App Store before they get removed.

Big international companies like Facebook or Twitter have dedicated teams that chase fake apps across the internet and get rid of them. However, start-ups or smaller companies rarely have the resources to afford such a luxury.

Chingari is one such unfortunate company. This successful Indian short video app has dozens of counterfeits on Google Play, and some of them have been downloaded thousands of times. The developers of Chingari have reported the issue to Google multiple times, but not much has changed, as new copycats keep appearing.

Check the reviews. If the app rating is low, and many users complain about the service, it’s a red flag. But you should also beware of positive reviews, as some of them can be fake. Always take them with a big dose of skepticism.

Look for grammar mistakes. App creators usually polish their descriptions to perfection. If you spot any grammar mistakes or typographical errors, it’s reason enough to raise an eyebrow.

Check the number of downloads. Legitimate Android apps have millions or even billions of downloads. If you see a popular app with only several thousand downloads, it’s most likely a counterfeit.

Research the developers. Always check the developers’ reputation and see what other products they have released. Imposters sometimes use the same name as the original app creator’s, changing only one or two letters. If you don’t read every syllable thoroughly, it can be hard to spot the difference.

Be cautious about images and screenshots. Malicious apps might use low-quality illustrations or photoshopped images. Check if everything looks professional. If it doesn’t, the application might be fake.

Review permissions. If everything looks good and you decide to download the app, take the time to review the permissions it’s asking. A flashlight wishing to access your contacts or a calculator asking for access to your gallery might be a warning sign. You can also check the app permissions in your phone’s settings and see if the apps you have installed before can’t access more than they need.

While Google claims that it reviews all the apps and developers, thousands of malicious ones still sneak into the store. Every couple of months, a new case with a list of fake Android apps pops up in the news until the next scandal.

Estimates say that in 2019 there were 25,647 blacklisted apps on Google Play, which was a huge drop from 108,770 apps in 2018.

Apple’s App Store is considered to be a safer place, and their developers’ verification process is much stricter. However, it still contains fake apps.

There are many other platforms that host mobile apps, such as 9Game, Huawei's Vmall app store, Qihoo 360's Zhushou store, and Xiaomi’s app store, with an even higher concentration of malicious apps than that on Google Play.

Banking. Estimates say that 75% of Americans use banking or payment applications, making them an appealing target for hackers. As more people are shifting to digital currency, there will be more fake apps for Android and iOS roaming in the wild.

COVID-19. With the rise of the pandemic, developers started creating apps to track the spread of the virus, and with that also surged the number of malicious apps. As for now, Apple is rejecting any COVID-19-related software unless it comes from the government or a recognized health organization. Google has implemented similar measures.

Games. Hackers love games. In 2016, when Pokemon Go was released, online stores were flooded with its counterfeits and “playing guides”. One of those “guides” was downloaded by more than 500,000 people, whose devices eventually got injected with malware.

Updates. We all occasionally receive update reminders, and most of us don’t pay much attention to them. In 2019, an Android app called “Updates for Samsung” appeared on Google Play, promising updates for any Samsung device in any region. However, when you started downloading the “updates”, the app would redirect you to a payment website, offering to purchase a subscription. Many people fell for the scam, and the fake update app was downloaded 10 million times.

1. Stick to official marketplaces. Even though official stores contain many malicious apps, they’re still the best option you have. Avoid downloading apps from third-party websites or stores.
2. Don’t click on suspicious pop-ups or links received via text messages. While it might look like a message from a bank encouraging you to update your app, always do your research before taking any actions. Hackers often impersonate financial institutions to trick you into downloading malware.
3. Enable two-factor authentication. An extra step when logging in to services can save you a lot of money. If you have apps linked to your credit cards, turn on two-factor authentication. Even if hackers managed to steal your password, they wouldn’t be able to log in to your account.
4. Update your software on time. Regular updates strengthen your smartphone security and make you less vulnerable to attacks. You can access the available updates directly on your phone. Don’t fall for any suspicious websites or apps promising to update your system.
5. Use a VPN. A virtual private network masks your IP address and encrypts your traffic, making you more resistant to cyberattacks. The NordVPN app has a CyberSec feature that blocks ads and malicious websites. If you want to browse securely, NordVPN is a must-have.