What are the dangers of ‘fake’, malicious mobile apps and how to guard against them?
HOW PEOPLE END UP DOWNLOADING BAD APPS
There are many ways in which a person can get tricked into downloading a fake or malicious app.
In many cases, scammers leverage social engineering methods.
They masquerade as bank officers or law enforcement units to persuade victims to download applications from third-party sites, which are themselves made to look like legitimate download sites for these applications.
Such apps can also be propagated through online advertisements offering services or deals for products. When users click on these ads, the supposed seller of the services will ask them to download an app through a link to access the supposed services.
These apps would then cause harm to the user in various ways.
Besides offering services or goods, such download links can be in many guises that pique the curiosity of the user. During the Covid-19 pandemic, the banner or ad could be for information about Covid-19 and its medical effects. Later, it could be around the Ukraine conflict and ‘donating’ to people suffering in the war.
Some fake apps pretend to be an Android update or a security update and victims downloading these files get a malware-infected file on their mobile phones instead.
ARE ALL APPS IN OFFICIAL STORES SAFE?
Google does not permit apps that are “deceptive, malicious, or intended to abuse or misuse any network, device, or personal data” on Google Play Store.
Google has built-in malware protection, Google Play Protect, which uses machine learning models to automatically scan over 100 billion apps on Android devices every day for fraud and malware.
Cybersecurity experts said that every official app store generally has safeguards against malicious apps. However, occasionally, some malicious apps do get through the checks.
While some apps may not have any malicious code inside, these apps can still behave maliciously.
For example, upon downloading, certain apps may request access to certain functions or resources in the phone — such as the contact list, camera and many others — for various reasons. In this case, anyone can misuse those authorisations or those resources that are sitting on your phone.
Therefore, users need to be all the more vigilant when downloading apps from outside official stores such as Apple’s App Store, because outside those stores there is even less control over the types of apps offered.
WHAT HAPPENS AFTER A BAD APP IS DOWNLOADED
There are many ways in which the app can cause harm to the device and its user:
- Some apps can install malware into the device, which can steal private information or act as a key logger to record passwords and other details for exploitation
- Malware may take control of the device’s microphone and video camera or do screen recording to potentially record compromising or private activities
- Pop-ups may also appear. They may range from annoying advertisements to tabs in the phone browser leading to phishing sites
The stolen information and data would in turn lead to different types of harm.
For example, a stolen contact list can allow the threat actor to impersonate the victim and reach out to his family and friends to ask for monetary aid or favours.
Stolen credit card or banking details can be exploited to make fraudulent purchases or transactions, leading to monetary losses.
HOW TO MINIMISE RISK OF DOWNLOADING FAKE OR BAD APPS
Protecting oneself from potentially harmful apps starts from “taking stock” of which apps one truly needs. Start to reduce the apps on your mobile device and keep those that you use on a regular basis.
Before downloading any app from the store, you may take note of the following:
1. COMMENTS ABOUT THE APP: If an app is a popular one, it should not have a low rating or numerous user complaints. However, it is easy to generate fake positive reviews, so overwhelmingly positive reviews could potentially be a red flag, too.
2. NUMBER OF DOWNLOADS: Legitimate apps commonly have up to millions or billions of downloads. If a popular app has only several hundred or thousand downloads, it is very suspicious and consumers should conduct a detailed check to ensure the legitimacy of the app.
3. APP DEVELOPER: Do some background research into the developer to find out information about it. This might show whether the developer is reputable or not.
4. APP RELEASE DATE: If an app was released very recently but has an abnormally high number of downloads, it is likely not a real version of the app because legitimate apps with high downloads often take a period of time to generate market traction.
5. APP PERMISSIONS: Fake apps often ask for authorisations that are not strictly necessary. For example, a navigation app should not ask for access to your contact list or photos.
6. APP ICON: Fake apps commonly use the same icon as a real app. However, at times, the icon image might not be of high quality and if it is abnormally pixelated, that is also a warning sign.
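The APP PERMISSIONS check above can be automated, as an added example that is not part of the original article: Python code that reads an Android manifest already decoded to text XML and lists the sensitive permissions that go beyond what the app's category needs. The category baselines, the sample manifest and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Sensitive Android permissions mapped to the harm the article describes.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contact list can be stolen for impersonation",
    "android.permission.CAMERA": "camera can record the user",
    "android.permission.RECORD_AUDIO": "microphone can record the user",
    "android.permission.READ_MEDIA_IMAGES": "photos can be read",
    "android.permission.SYSTEM_ALERT_WINDOW": "pop-ups can be drawn over other apps",
    "android.permission.REQUEST_INSTALL_PACKAGES": "further apps can be installed",
    "android.permission.ACCESS_FINE_LOCATION": "precise location can be tracked",
}
# Assumed baseline: sensitive permissions each app category plausibly needs.
EXPECTED = {
    "navigation": {"android.permission.ACCESS_FINE_LOCATION"},
    "camera": {"android.permission.CAMERA", "android.permission.RECORD_AUDIO",
               "android.permission.READ_MEDIA_IMAGES"},
}
# Constructed sample: a "navigation" app that also asks for contacts and photos.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.navdemo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (n.get(ANDROID_NS + "name") for t in tags for n in root.iter(t))
    return {n for n in names if n}

def unexpected_permissions(manifest_xml, category):
    """Map each sensitive permission outside the category baseline to its risk."""
    if category not in EXPECTED:
        raise ValueError(f"no baseline for category {category!r}")
    asked = requested_permissions(manifest_xml)
    extra = (asked & set(SENSITIVE)) - EXPECTED[category]
    return {p: SENSITIVE[p] for p in sorted(extra)}

if __name__ == "__main__":
    for perm, why in unexpected_permissions(SAMPLE_MANIFEST, "navigation").items():
        print(f"REVIEW {perm}: {why}")
```

A flagged permission is a prompt to check why the app needs it, not proof that the app is malicious.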
Additionally, downloading security software such as antivirus can also offer some form of protection, because it can scan for some potential threats. Having antivirus software does help, but still, users should be wary of apps they download, and not put full reliance on antivirus software.
Users may want to frequently update their phone operating systems and their apps, because the updates typically contain patches to protect against vulnerabilities.
Beyond software protection, it is also important for users to exercise vigilance, especially against any app that offers deals or offers that are too good to be true.
In conclusion, there is no silver bullet to solve this issue. There has to be a combination of technology measures and user awareness to eradicate this issue.
WHAT TO DO IF YOU DOWNLOADED A MALICIOUS APP
In the event that a person has downloaded an app suspected to be malicious, it is suggested to perform the following steps:
- Put the device into “airplane mode” to disable the radios and transmitters on the device. This will ensure no data can be transmitted into or out of the device
- Retrace your steps to the best of your ability and take corrective actions. For example, if you had put in your card and banking details into the bad app, cancel the card and inform the bank. If you have put in your email account details, change the password of your email account immediately
- Remove the suspicious app and scan the device with an antivirus or security software
- If the device still behaves strangely after all the steps are taken, give your device a factory reset