Fake Mobile App

7 Tips for Spotting a Fake Mobile App

You’ve just downloaded a new mobile app, cryptocurrency wallet, or fitness app, but something isn’t right. Your phone’s screen is swamped by annoying ads, the app is not doing what you would expect it to do, and you found an unauthorised transaction on your bank account.

Chances are that the app you downloaded has been after your money or sensitive information. Given the wealth of data we access via our smartphones, it’s little wonder that cybercriminals have their sights on these devices, with threats looming large especially in third-party app stores.

The number of Android threats soared by 57% in the last few months of 2022, having been driven by a whopping 163% increase in adware and growth of 83% in HiddenApps detections. Luckily, you can avoid both malware and potentially unwanted applications (PUAs) by being cautious and doing your due diligence.

Our tips below will help you to spot a potentially dodgy app from miles away, as well as get your phone back into shape if you downloaded such an app.

How to recognise a fake app

Check the numbers

Say you’re looking for what you would reasonably expect to be an app with hundreds of millions of users but only come across an app that, while sounding like the real thing, hasn’t racked up anywhere near as many downloads. If that’s the case, chances are high you’re dealing with an imposter app.

Indeed, be cautious whenever you’re looking to download an app that has been the talk of the town lately. Cybercriminals are always eager to piggyback off a surge in the popularity of an app or service in order to push copycat apps to the market.

One recent example is a slew of sketchy apps that attempt to ride the ChatGPT craze and that were rolled out even before the official app was released. Much the same applies to bogus updates for legitimate and widely-used apps.

Read the reviews

If an app is rated poorly, you should probably give it a pass. On the other hand, tons of glowing reviews that all sound almost the same should also raise eyebrows.

This is especially the case with apps that have not been downloaded millions of times – many of those recommendations may be the work of fake reviewers or even bots.

Check the visuals

Does something about the app’s colour or logo not feel right? If you’re in doubt, compare the visuals to those on the website of the service provider. Malicious apps often mimic legitimate counterparts and use similar, but not necessarily identical, logos.
However, don’t be lulled into a false sense of security just because you recognised the logo of a well-known bank, payment processor or cryptocurrency wallet.

Some apps not only misuse the name of a legit service, but are also distributed via websites that are the spitting images of the legitimate sites. Keep your eyes peeled for details – a closer look, including at the URLs, often reveals some giveaways.

Double-check the “official app” claims

When downloading a mobile app that should be associated with a popular online service, make sure that the service actually offers such an app. If that’s the case, its official website will contain links to the apps in Google Play Store and/or Apple App Store.

The number and variety of malicious ChatGPT-themed apps is a handy example.

Check the app’s name and description

Legitimate app developers typically go to great pains to avoid coming across as unprofessional. This also applies to things as mundane as app descriptions – read through them to see if you can spot poor grammar or inconsistent and incomplete details. These often provide a clue that an app isn’t what it’s claimed to be.

Check the developer’s pedigree

Also tread carefully when dealing with an app from an unknown app developer with no track record in app development. Don’t be fooled by a name that rings a bell, either – shady app makers may be misusing the name of a legitimate and well-known entity.

Double-check whether the developer has other apps to their name and whether those apps are reputable; if in doubt, search for the developer’s name in Google.

Look out for excessive app permissions

Last but definitely not least, stay away from apps that require excessive user permissions – that is, the kinds of privileges that they don’t really need to do their job.

A flashlight app hardly needs admin rights and access to core device functionality.
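
The permission check described above can be automated against an app's decoded AndroidManifest.xml. The following is an added example, not part of the original article: the per-category baseline, the sample manifest and the function name audit_manifest are assumptions made for illustration, while the permission names are real Android permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: a hand-picked baseline of what a flashlight app plausibly needs.
EXPECTED = {"flashlight": {"android.permission.CAMERA", "android.permission.FLASHLIGHT"}}
# Android permissions that reach core device functionality, with a short reason.
HIGH_RISK = {
    "android.permission.READ_SMS": "reads text messages",
    "android.permission.SEND_SMS": "sends text messages",
    "android.permission.READ_CONTACTS": "reads the contact list",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install further apps",
    "android.permission.BIND_DEVICE_ADMIN": "declares a device-admin component",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "declares an accessibility service",
}
# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.brightlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN"/>
  </application>
</manifest>"""


def audit_manifest(manifest_xml, category):
    """Return (unexpected, high_risk) permission findings for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for elem in root.iter():
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            requested.add(elem.get(ANDROID_NS + "name"))
        elif elem.tag in ("receiver", "service"):
            # A component guarded by a BIND_* permission signals device-admin
            # or accessibility capability even without a uses-permission entry.
            guard = elem.get(ANDROID_NS + "permission")
            if guard:
                requested.add(guard)
    requested.discard(None)
    unexpected = sorted(requested - EXPECTED.get(category, set()))
    high_risk = {p: HIGH_RISK[p] for p in unexpected if p in HIGH_RISK}
    return unexpected, high_risk
```

For the constructed sample, everything except CAMERA falls outside the flashlight baseline, and the SMS, contacts and device-admin entries are reported as high risk.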

7 ways to tell that you downloaded a risky app

The app isn’t doing its job

Researchers have analysed apps that pose as security solutions, but all they did was display unwanted ads and offer pseudo-security, mimicking basic security functions with very primitive security checkers that relied on a few trivial hardcoded rules.

As a result, they often detected legitimate apps as malicious and created a false sense of security in the victims.

If your new “game” turns out to be a gambling platform, something isn’t right. Check again what it is that you’ve actually downloaded.

It behaves strangely

Does the app exhibit weird behaviour, such as starting up, closing, or failing altogether for no apparent reason?

This is one of the most obvious signs that you may have downloaded a dodgy app.

You incurred unexpected charges

If you’ve spotted unwanted charges on your credit card or phone bill, it could be due to an app you downloaded recently.

If the user had a credit or debit card directly connected to an Apple account, malware would attempt to steal money from the victims via fraudulent in-app payments.

Watch out for scams that involve downloading a peer-to-peer (P2P) payment service and offer fictitious products and services at fire sale prices. Because payments are often instant and cannot be cancelled, you may lose money by paying for something you will never receive.

Strange messages and calls

Another sign of trouble involves malware spamming out messages from your phone to your contacts. In other cases, your call or text message history may contain unknown entries as malware attempts to make unauthorised calls or send messages to premium-rate numbers.

Battery drain

Does your device battery get drained far faster than usual? It may be due to background activity that consumes the device’s resources and could ultimately indicate that your device has been compromised by malware.

Spikes in data usage

If you experience a major and sudden surge in your internet data usage without any change in your browsing or phone usage habits, it could also be because of an app’s activity in the background.

Random ad pop-ups and unknown apps

A malicious app may go on to install additional apps in the background and without your authorisation. The same goes for pesky adware displaying unwanted ads on your device. If you spot any of this, chances are high you need to act fast.

Spotted a fake mobile app – What to do next?

After discovering what you suspect is a sketchy app, remove it or, even better, download reputable mobile security software that will scan your device and remove the app for you.

If you go the “manual” route instead, reset your phone to factory settings (prior to that, make sure you have your data backed up).

Going forward, if you use apps from the Google Play Store, make sure to enable the Google Play Protect scanning on your device. You can also check the apps you’ve downloaded from outside of the Google Play Store. To do so, turn on “Improve harmful app detection”, which will send unknown apps to Google automatically.

What if you’re an iOS user? Contrary to what many people may think, downloading a dodgy app on iOS, even from the Apple App Store, isn’t unheard of.

Source: ESET
