One of the most common pieces of advice for downloading apps is to use the official Android Play Store. If you go on somewhat shady third-party app sites, there’s a chance they’ve snuck a virus or other malware into the app’s code.
Unfortunately, malicious developers also realise how much trust users place in the Play Store. Their plan is to put a very close lookalike of an official app onto the Play Store, then sneak malicious code into it that can dodge the Play Store’s security checks. Innocent users who think they’re downloading an official app end up getting something far worse!
But how do you identify an app that’s trying to impersonate a real one?
1. Strange App Name
For one, make sure that the app shares the same name as the one you think you’re getting. One of the more successful fake app scams was over an app called “Update WhatsApp Messenger.” If you take some time to look at this app in a vacuum, you’ll see how suspicious it is. Why is an update being published on the app store this way rather than just updating the app? The idea is that people won’t pay much attention to the name; they’ll just see the word “WhatsApp” and the official logo and queue it up for download without checking the details. Always double-check to see if you’re getting the right app.
2. Strange Developer Name
Likewise, the developer may be different from the one you’re expecting. If you can search online for the official developer’s name, this step becomes easier. If the developer name for the app doesn’t match what’s on the official site, you have a scam on your hands. This can get very tricky; as per the WhatsApp article above, the developer name will be identical to the official developer’s name, except an “invisible” whitespace character is added to the end to make it different. Still, exercise caution with the developer name and don’t download anything with a suspicious name.
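The trailing-whitespace trick described above can be caught by comparing the raw developer string against the official one instead of trusting what is rendered on screen. The following is an added example, not code from the original article; the developer name "Example Messenger Inc." and the specific invisible characters used are constructed sample values.

```python
import unicodedata

SPACE_CATS = {"Zs", "Zl", "Zp"}   # space, line and paragraph separators
HIDDEN_CATS = {"Cf", "Cc"}        # format (zero-width etc.) and control chars

def hidden_characters(text):
    """List (index, codepoint, name) for characters that render as blank or
    nothing, ignoring an ordinary space in the interior of the string."""
    found = []
    for i, ch in enumerate(text):
        if unicodedata.category(ch) not in SPACE_CATS | HIDDEN_CATS:
            continue
        interior_space = ch == " " and 0 < i < len(text) - 1
        if not interior_space:
            found.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return found

def visible_form(text):
    """Approximate what a user sees: drop invisible characters, collapse
    every kind of whitespace to single spaces, trim, and case-fold."""
    text = unicodedata.normalize("NFKC", text)
    kept = "".join(c for c in text if unicodedata.category(c) not in HIDDEN_CATS)
    return " ".join(kept.split()).casefold()

def check_developer(listed, official):
    """Classify a store listing's developer name against the official one."""
    if listed == official:
        return "match"
    if visible_form(listed) == visible_form(official):
        return "lookalike"   # identical on screen, different underneath
    return "different"

if __name__ == "__main__":
    official = "Example Messenger Inc."        # constructed sample value
    listings = [                               # constructed sample values
        "Example Messenger Inc.",
        "Example Messenger Inc.\u00a0",        # trailing no-break space
        "Example\u200b Messenger Inc.",        # zero-width space inside
        "Totally Different Dev",
    ]
    for name in listings:
        print(repr(name), check_developer(name, official), hidden_characters(name))
```

A "lookalike" result is the case the article warns about: the name reads the same as the official developer's but is a different publisher account.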
3. See What People Are Saying
Be sure to check the reviews of a potentially fake app. Don’t expect all-negative reviews, however; part of a fake app’s disguise is to get fake five-star reviews to boost its credentials. Instead, look for what the negative reviews are saying. If they’re saying the app is fake and doesn’t do as it says it does, beware!
4. Check the Download Count
If you’re downloading a very popular app, you should be seeing very high download counts as a result. To put this into perspective, at the time of writing, the Facebook and WhatsApp apps have a download count of one- to five-billion hits each. If you go to download a heavyweight app and see that the downloads are in the thousands, tens of thousands, or even millions, it’s a scam! You can check download counts in the following area of the app’s info.
How Are They Sneaking Through?
Now that you know what a fake app looks like, the question remains: how are these apps even making it onto the app store in the first place?
In terms of dodging Play Store’s malware detectors, developers have found ways to make their apps become malware after being uploaded to the Play Store. This is typically done by uploading a malware-free app with the capacity to talk to a third-party server. This in itself isn’t malware, which allows the app to skirt under security. Once it’s on people’s phones, the app talks to the third-party server to download the malware. This is how FalseGuide made the impact that it did.
As for an obviously-fake app getting onto the store in the first place, this may just mean that more needs to be done to control fake apps being uploaded.
Finding the Fakes
With fake Android apps being an efficient way of spreading malware, it’s crucial to find the bad eggs before downloading anything. Now you know how to be more careful on the Play Store and how to spot a fake app.
Have you, or someone you know, fallen victim to a fake app? Let us know below!
Simon Batt is a Computer Science graduate with a passion for cybersecurity.