Malicious apps: What they are and how to avoid them

Disguised as popular games or services, malicious applications can harvest your personal information and harm your mobile device. Here’s how to avoid them.

Mobile apps enable us to keep our smartphones and tablets feeling fresh and new. By downloading a helpful app to assist productivity or a fun new game to keep us entertained on those long commutes, the app stores are a never ending supply of new content.

However, lurking amongst the addictive trivia apps, music and movie streaming services and fitness trackers lies the odd wolf in sheep’s clothing – fake apps that can steal your data, sign you up for expensive services and damage your phone.

What does a fake app do?
Unfortunately, malicious developers will often create fake versions of popular apps in order to trick mobile users into downloading. Once installed on the phone or tablet, those apps can then harvest the user’s personal data, payment details and sensitive information. Some fake apps automatically sign the user up for premium text services, which can end up costing a small fortune.

The problem is far more common on Android devices as the open nature of the platform makes it easier for imposters to make on to your device. On Android it’s also possible to by-pass built-in security measures and install apps from non-official sources, increasing the risk.

In June last year it was reported there were almost a million fake apps on the Google Play Store, including fake versions of 77% of the top 50 free apps.

Apple is much more stringent with its screening procedures so iPhone and iPad owners have much less to worry about.

However, here are some tips to help you steer clear of the app store fakers:

Tip 1: Download from the official source

Fake apps - Download from the official source

If you have an Android device make sure you download the apps from the Google Play store rather than unofficial stores and links.

The Play Store’s built-in ‘Bouncer’ software, designed to spot malicious apps, isn’t perfect but has resulted in a huge drop-off in the malware that was making it on to the store. Also, if you receive a text message asking you to follow a link to download an app, don’t.

Tip 2: Read the reviews

Fake app - read the reviews

A sure fire way to spot a fake is to look at the reviews. For example, if you see a high-profile app from Netflix or Facebook with just a few reviews, you’re probably looking at a fake. Likewise, the reviews themselves are likely to out the imposters. Another good way to gauge whether an app is genuine is to look at the number of downloads.

Tip 3: Screen the developer’s information

Fake apps - developer information

App stores will always list the person or company that developed the app, so if you see ‘Facebook’ next to a high-profile app, you’re on the right track. Clicking the developer’s name will take you to other apps they’ve published.

If they do not have a good track record, or reviews suggest they have previous form, then you may be looking at a fake app.

If you see an Angry Birds app published by anyone other than Rovio, or a Candy Crush game that was not made by King, it’s a fake

Tip 4: Check out the ‘sign-in’ screen

Fake apps - Netflix real and fake

Is there a spelling error within the sign-in screen for Spotify? Is it poorly designed and formatted strangely? In the example above the Sign In button isn’t centred, so don’t enter your login details because it’s probably a fake app. These companies have huge budgets and armies of designers and don’t make such errors.

Photo credit: Kaspersky

Tip 5: Too many ads?

Is the app you’ve downloaded low on content and high on annoying advertisements? It could be a fake. Not all fake apps are designed to maliciously harvest your data, many are just relying on downloads to make money on advertising.

Tip 6: Is it even available on Android?

Fake apps - Apple only apps

If you see an Apple-only app such as iTunes, FaceTime, GarageBand or iMovie available for Android, it’s a fake.

Apple has never developed an app for Android devices, so if a listing is promising access to one then it’s definitely a fake!

Tip 7: Beware of ‘mobile web’ style apps

Many apps are simply ‘redirects’ to websites, meaning when you use them, you’ll simply be taken to a mobile website within your browser. Such low-end development, which has no discernible additional content, can often be a sign that the app is a fake.

Tip 8: Protect yourself

Fake apps - settings on Android tablet

In your Android device Settings you can protect yourself against installing apps from unofficial sources.

Head to Settings – Privacy. Under Device Administration look for ‘Unknown Sources: Allow installation of apps from unknown sources’ and make sure the box isn’t ticked.

You’ll also see an option ‘Verify apps: Disallow or warn before installation of apps that may cause harm’ here make sure the box is ticked.

Tip 9: Install antivirus software

Fake apps - Lookout app

If you’re an Android user you can also install antivirus software like Lookout Security & Antivirus, Kaspersky Internet Security and Avast Mobile Security & Antivirus.

They’ll continually scan your phone to make you aware of any apps that may pose a threat. Most of them will let you know if an app is attempting to access information from other areas of your phone, something many fake apps will do.

Check out the video above to find out how to install Lookout Security & Antivirus in action.

But beware… there are some fake antivirus apps out there too so follow all the steps above before you download!