Smartphones are now an integral part of our everyday lives. You do almost everything with them, from keeping in touch to paying for goods and services and using them as your gateway to numerous apps. But as the number of apps increases, so does the threat posed by fake apps that steal personal data, spread malware, or lure users into subscription traps. Apps from financial and payment services such as PayPal, banks, and digital wallet providers are particularly affected.
Read on to learn how fake apps work, what threats they pose, and how to spot them. With the help of these practical tips, you can protect your device in the best possible way. Security apps like Avira Antivirus Security for Android or Avira Mobile Security for iOS help you spot fake apps right away and keep your smartphone safe.
What is a fake app?
Fake apps mimic the look and features of popular apps, tricking unsuspecting users into downloading and using them. These apps have a clear goal: To steal personal data, display unwanted ads, spread malware, or lure users to phony websites. There are loads of fake apps out there for PayPal, banks, and digital wallets — and they all aim to steal your financial information.
Artificial intelligence (AI) and deepfake technologies have the potential to make fake apps even more convincing and therefore more dangerous. Cybercriminals use AI to create realistic deepfake videos and voices that can be used for identity spoofing. These technologies allow fraudsters to create fake customer reviews, deceptively genuine-looking user interfaces, and automated phishing bots that can interact with users.
Types of fake app
Fake apps can be divided into two main categories:
- Counterfeits (imitated apps): These apps copy the design, name, and description of genuine apps to trick users. Often, you’ll find only minimal tweaks to the name or logo.
- Repackaged versions: These are legitimate open-source apps that are hijacked by scammers and injected with malicious content such as adware or malware.
What threats do fake apps pose?
Although there are many fake apps, they all pursue the same goal: To steal user data or cause financial damage. The following examples show which fake apps are most widespread and what risks they pose.
- Fake banking apps: These apps mimic official banking apps to steal account information. Whereas genuine apps encrypt your data to keep it secure, fake apps simply forward it directly to the scammers. They often also steal one-time TAN (transaction authentication number) codes by contacting victims, falsely claiming to be from their bank. Protect yourself by downloading banking apps only from official sources and going through the developer information with a fine-toothed comb.
- Fake security apps: Some fake apps pretend to be antivirus or security software. They don’t actually scan your device — instead, they trick users into believing their device is infected so they buy a useless premium version to “fix” the issue. In some cases, they even install Trojans (malware) that steal passwords and personal data without the user noticing.
- Fake competition apps: These apps promise you prizes or vouchers, but require personal information or payments to receive the “prize”. In many cases, victims are tricked into signing up for expensive text-based subscriptions or entering credit card details without ever receiving any winnings.
- Fake crypto wallets: They pretend to be a legitimate crypto wallet, but steal your coins after you enter your wallet keys.
- Shopping and sales apps: Fake apps pose as well-known online shops and lure customers with unbeatable prices. Customers pay for products that are never delivered.
- Ransomware apps: These apps encrypt your device and demand a payment to restore access.
- Botnet apps: Some fake apps use your smartphone for scams, such as sending spam, or in DDoS (Distributed Denial of Service) attacks.
Fake apps and their connection to fake websites
Fake apps are often part of larger scams and are closely linked to fake websites. Cybercriminals create fake websites that look like the official web pages of banks, online shops, or social networks. They spread links to these fake websites via phishing emails, social media ads, or manipulated search engine results. Once there, users are tricked into downloading a fake app or revealing their personal data. Such methods are also known as scamming and are particularly dangerous because they often appear very convincing.
How do you spot fake apps?
Fake apps are often designed to look deceptively real to trick users. Cybercriminals copy logos and developer names and use fake reviews to gain trust. But there are clear tell-tale signs that give away a fake. If you stay alert and check a few aspects, you can protect yourself from such apps. Here’s what to look out for:
- Bought reviews and comments: Some scammers buy positive reviews to make the app appear credible. Look out for an unusually high number of 5-star reviews with short, meaningless comments.
- Question the usefulness of the app: If an app is advertised as a supplement or update to an existing app, check whether the company itself has announced such an update.
- Compare app logos and developer names: Fake apps often have logos that differ only minimally from the genuine ones. In addition, the developer name will differ slightly from that of the official app.
- Publication date and update frequency: A popular app with very few downloads or a recently created app with many downloads is a sign you should be suspicious.
- Check app permissions: A simple flashlight app shouldn’t require access to your contacts or text messages. If an app requests too many or unusual permissions, this could be a warning sign.
- App signature: One of the surest methods to verify the authenticity of an app is the app signature. Every legitimate app is digitally signed by its developer to guarantee its authenticity. These signatures ensure that the app has not been tampered with or modified since its release.
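The name, developer, permission and signature checks above can be combined into one comparison against a known-genuine reference, shown here as an added Python example that is not Avira's code. It relies on the fact that a repackaged app is still signed, only with a different certificate, so the fingerprint has to be compared with the genuine developer's. The reference record, fingerprints, look-alike table and the 0.85 threshold are constructed assumptions.

```python
import difflib
import unicodedata

# Constructed reference record for the genuine app (every value is made up).
GENUINE = {
    "name": "ExampleBank Mobile",
    "developer": "ExampleBank AG",
    "cert_sha256": "ab" * 32,  # placeholder, not a real fingerprint
    "permissions": {"INTERNET", "CAMERA", "USE_BIOMETRIC"},
}

# Small, non-exhaustive look-alike table: digits and Cyrillic letters that
# resemble Latin ones (an assumption; real tools use full confusables data).
LOOKALIKES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i",
})

def skeleton(text):
    """Fold case, accents, whitespace and look-alike characters."""
    text = unicodedata.normalize("NFKD", text).casefold()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return "".join(text.translate(LOOKALIKES).split())

def similarity(a, b):
    """Similarity of two names (0.0 to 1.0) after folding."""
    return difflib.SequenceMatcher(None, skeleton(a), skeleton(b)).ratio()

def check_listing(listing, genuine=GENUINE, threshold=0.85):
    """Return warnings for a listing whose name imitates the genuine app."""
    if similarity(listing["name"], genuine["name"]) < threshold:
        return []  # not a look-alike of this reference app
    findings = []
    if listing["developer"] != genuine["developer"]:
        findings.append("developer name differs from the genuine app")
    if listing["cert_sha256"].lower() != genuine["cert_sha256"].lower():
        findings.append("signing certificate differs from the genuine app")
    extra = set(listing["permissions"]) - genuine["permissions"]
    if extra:
        findings.append("extra permissions: " + ", ".join(sorted(extra)))
    return findings

# Constructed suspicious listing: digit swaps in the name, altered developer.
FAKE = {"name": "Examp1eBank Mobi1e", "developer": "ExampleBank A.G.",
        "cert_sha256": "cd" * 32,
        "permissions": {"INTERNET", "READ_SMS", "READ_CONTACTS"}}

if __name__ == "__main__":
    print(check_listing(FAKE))
```

A listing that matches the reference on developer, certificate and permissions returns an empty list, as does any app whose name is not close to the reference name.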
What should you do if you’ve downloaded a fake app?
If you’ve installed a fake app accidentally, you’ll need to act fast to avoid any damage. Do the following:
- Remove the app immediately: If you’ve discovered a suspicious or unwanted app, you can remove the app from an iPhone by long pressing the app icon and then tapping Remove App. On Android devices, you can remove the app right away by long pressing the app icon on the home screen, in the app drawer, or in the Settings app and then tapping Uninstall.
- Change your passwords: If you’ve entered your login details into the fake app, immediately change your password for the affected account and turn on two-factor authentication (2FA).
- Use security software: Use reputable security software like Avira Antivirus Security for Android or Avira Mobile Security for iOS to scan your device for hidden malware or spyware.
- Check your bank account and credit card statements: Check your bank account and credit card statements for unauthorized transactions and contact your bank if you spot anything suspicious.
- Back up your data and reset your device: If your device continues to act unusually, reset it to its factory settings.
- Report the fake app: Tell the Google Play store or Apple App Store so other users don’t fall victim.
How can you protect yourself from fake apps?
There are a number of preventative steps you can take to protect yourself from fake apps. Let’s take a look at them now.
- Use secure messaging apps: Protect your sensitive data with your messaging app’s end-to-end encryption feature. Make sure you keep your app updated to install the latest security fixes and that it comes from a trusted source.
- Install apps only from official stores: Only install apps from the Google Play store or the Apple App Store. That’s because these platforms check the security of apps prior to publication to filter out malicious ones.
- Check permissions: Check app permissions prior to installation. An app should only request the permissions necessary to do its job. For example, a flashlight app shouldn’t be requesting access to your contacts or camera. Check out our blog on how to check app permissions on the iPhone or manage app permissions on Android.
- Perform regular software updates: Always keep your operating system and installed apps up to date to avoid security vulnerabilities.
- Check app logos and developers: Prior to installation, compare the developer’s name and app logo with the provider’s official website. Even the tiniest difference could be a sign of a fake.
How do fake apps get into the app stores?
Although app stores like Google Play and the Apple App Store conduct strict security checks, cybercriminals still manage to smuggle fake apps into the official marketplaces. To do so, they use various tricks:
- Fake app disguised as a legitimate one: Scammers use names and icons similar to those of well-known apps to trick users.
- Manipulated app reviews: Bought reviews and inflated download counts make a fake app appear trustworthy. Although these false metrics are often added post-publication to attract users, malicious actors use other tactics to initially get into the store. These include bypassing app store vetting processes or passing themselves off as harmless apps.
- Bypassing security vetting: Some fake apps are initially submitted as harmless apps. Once they’re approved, they’re then loaded with malicious code through updates.
- Use of stolen developer accounts: Attackers take over legitimate developer accounts and upload manipulated versions of genuine apps.
These tactics show that even official app stores don’t offer watertight security. As such, always stay alert and check apps carefully before installing them.
Enjoy protection from fake apps with Avira Free Security
Avira Free Security detects fake apps in real time, checks risky permissions, and blocks malware. It also detects phishing attempts and warns you if you’re about to download a fake app. And by keeping your device updated, your protection is always current.
iPhone users can protect themselves against malware and harmful apps with Avira Mobile Security for iOS, while Avira Antivirus Security for Android offers tailored protection for Android users.
Download Avira Free Security today and protect your device from fake apps and other online threats.
