Bulletproof privacy in one click
Discover the world's #1 privacy solution
Coming soon
Coming soon
Coming soon
Blog6 minutes read
May 22, 2023
How to Spot And Remove Fake Apps
Apple may have coined the phrase “There's an app for that” but the rest of the app development world seems to have really taken it seriously. There are literally thousands of apps on app stores covering everything you need, don't need, or don't realize you need. Basically, everything in life has been turned into an app. From dating to nutrition and fitness, period trackers, games, banking, and retail. There are even apps to add cats to all of your photos or talk to spirits!
But in the same way that not all apps are made equally, not all are made honestly.
There are real apps and then there are fake apps. If you download a fake app, you risk your privacy and having your personal data fall into the hands of cybercriminals which could lead to all sorts of trouble, including identity theft and fraud.
To help keep your data safe, we'll talk you through what fake apps are, how to identify fake apps, remove them and how to avoid the dangers of fake apps.
What are fake apps?
Fake apps are mobile applications designed by cybercriminals with the sole aim to scam their users. Often these fake apps are designed to resemble legitimate apps as a way to trick people into downloading them.
Instead of performing the expected functions of the legit app, the fake app will be up to no good. Malicious activities can range from showing annoying ads, installing malware, or stealing personal information or money. Other, more sophisticated fake apps may even provide users with useful functions which act as a smokescreen to the data harvesting in the background.
If you're a privacy-concerned app user, then learning how to identify fake apps will be a top priority for you, and we're here to help. Before we get to the tips on how to spot fake apps, let's look at how fake apps work.
How do fake apps end up on app stores?
We rely on our smartphones for so much these days, our entire lives are carried about in the palm of our hands. We send and save photos, have private conversations, send emails, make business deals, conduct professional and personal banking on it, and more. Our smartphones are not only a treasure trove of information, but they are a window to our entire online life and identity. As such, they are a goldmine for cybercriminals. And one of the easiest ways for them to gain access to your smartphone is for you to “invite” them in, by accidentally downloading a fake app from a real app store.
Despite the security measures implemented by app stores, fake apps can slip through the net and end up for download by unsuspecting users.
A threat actor can register as a developer on a legitimate app store and download any real app. They can then rewrite that app using malicious code and upload the counterfeit app to the store. Learning how to identify fake apps can be difficult, as malicious developers can also manipulate the app store's placement system by creating fake reviews or by faking the download numbers.
The two main app stores are Google Play Store for Android users and Apple's App Store for iOS. The App Store claims to be more secure, only allowing vetted apps onto the platform but that doesn't mean that it's immune to fake apps. In mid-2022, the Satori Threat Intelligence team found 10 fake apps on the App Store. That said, it did also find more than 70 on Google Play. So if you have an Android phone you may be more at risk of downloading fake apps.
Official app stores are not the only way that fake apps are shared. There are third-party app stores that tend to have a higher concentration of fake apps. Other methods include phishing emails sent by scammers, appearing to be from well-known brands, such as banks which try to trick people into downloading fake applications.
Types of fake apps
Fake apps come in all shapes and sizes but we're not talking here about what the fake app is pretending to be, but what they really are under the disguises. Here's a brief look at what could be lurking on your phone if you haven't yet figured out how to identify fake apps and have accidentally downloaded one to your device.
Trojan Apps
A fake app masquerading as a legitimate app may be installing other malware to your device without your consent or knowledge. These actions may be to steal your personal or confidential information or lock a user out of their own device until they pay a ransom. Read more about Trojans here: How to protect against a Trojan Horse.
Fleeceware
Not technically a fake app or illegal, but certainly unethical. Fleeceware apps are apps with extremely expensive hidden costs. They use dark patterns to trick people into paying crazy cash for simple functions that are often offered for free. For example, app users were tricked into paying hundreds of dollars for a QR code scanner app.
Scareware
This is a false security app that users may be tricked into downloading, perhaps in an email, SMS, or malicious pop-up. Usually, a user will get a false alert stating that they are at risk from some (non-existent) cyber threat and they must download this security app to protect themselves. Instead, the app will have some sort of malware or spyware.
Spyware
Malicious apps containing spyware can monitor everything a person does, types, says, searches for, or saves on their smartphone. It relays all of this information to a cybercriminal-controlled server. Will the data at their fingertips, they can use it for blackmail or access your accounts, including bank accounts.
How to identify fake apps
Counterfeits exist in every industry, and as always, the trick is to learn how to spot the fake. Here are Hoody's top # tips on how to spot fake apps and avoid account takeovers or identity theft.
#1 Check the download count
Ok, so we know that clever scammers can artificially inflate the download figures, but not all cybercriminals are so savvy. Plus, the most popular apps will have thousands or even millions of downloads. If the popular app you're about to download has a surprisingly low download count, be aware.
#2 Carefully check the app logo
Fake mobile apps impersonating a legitimate app will attempt to copy the branding. They will create a logo and app icon that looks almost identical to the real one. But pay careful attention to the image quality and sizing. If something looks “off”, then it probably is.
#3 What's the release date?
Some of the most popular apps, such as Instagram, Facebook, Duolingo, and Amazon have all been available for download from the official app stores for years. If the popular app you're about to download was added to the store recently, then it's most likely fake.
#4 Read the reviews
If people before you have downloaded a fake app, then the reviews section is where they're going to come vent about it. On the other hand, be wary of all glowing reports. Reviews can be faked too. Remember the adage, if something sounds too good to be true, then it is.
#5 Do a little digging on the app developer
In learning how to identify fake apps, it pays to do a little research. Pay attention to the name of the developer. They may change one or two letters in the hope to trick users. It's a common trick often used in phishing scams. A quick online search should give you a sense of whether the developers are legit or not.
#6 Become a grammar-nazi
If you're not in the habit of scanning emails or social media posts for typos and grammar mistakes, then you might want to start. These common slip-ups can be the clue you need to tell the difference between a real app and a fake app. Legitimate apps will have a whole team of editors and proofreaders, and multiple sets of eyes scanning the copy before the app is released. A scam developer won't have this luxury which is good news for the eagle-eye amongst you.
#7 Check the app permissions
Terms of service agreements aren't the most riveting of reads but if you're in any way worried about the legitimacy of an app, then it's worth taking the time. If the app has odd permissions requests unrelated to its functions, then consider this a red flag. For example, why would a photo editing app need access to your contact list?
#8 Be aware of free versions of paid-for apps
Everyone likes a freebie but, if a popular app that you usually have to pay for is being offered for free, then be aware. Do all the steps we've mentioned above and make sure that the freebie isn't a fake app in disguise. If the app is worth having, then it's worth paying for. Just don't be tricked into paying for it with your personal data.
What to do if you've downloaded a fake app
So what if you're reading this post a little too late and you've already downloaded a fake app to your phone? Well, don't panic but do take action. Here's what to do:
- Delete the application from your device.
- Restart your device and download a verified antivirus (make sure to use the tips we've just covered to make sure it's not fake!)
- Run the antivirus just to be certain the fake app has been removed and it hasn't left behind any other malware.
- If you downloaded the fake app from an official app store, then do the decent thing and report the fake app to the app store and leave a review for other users to read.
Dodging all the scams and malware threats as we go about our daily lives online can be a real challenge. But with a little education and careful selection of your mobile apps, then you stand a chance. To keep learning, check out our 10 Ways To Improve Your Privacy Online.
Ruby MRuby is a full-time writer covering everything from tech innovations to SaaS, Web 3, and blockchain technology. She is now turning her virtual pen to the world of data privacy and online anonymity.
