Ever wonder how sneaky Android developers get people to install their fake apps? We explain the methods they use to cheat people and fill their wallets.
It doesn't happen too often thanks to the rigorous checks apps go through, but occassionally a fake app will slip onto the Google Play Store. How does it happen?
Here's what cheating developers do:
When an Android app developer creates a malicious app and wants it to get attention fast, the easiest way to do it is to make it look like some other app that is already popular, like Waze. The impatient developer names it “Waze Tips” so it looks like customers will learn something useful. Then he puts it onto the Google Play Store and creates fake comments and ratings so it looks legit. After that, he's set for success.
That’s the logic behind fake Android apps. Not surprisingly, there actually is an app that uses all these methods called "Free Waze Traffic GPS Maps Tip".
This fake app uses all the tricks to fool users into installing
Lately, the Avast Mobile Security research team has discovered fake apps in the Google Play Store, including an app called “Free Avast Mobile Security Tip” with a rating of 4.6. (At least the high rating is authentic ;-) )
The app itself is pretty basic. But, because people like to read a few reviews before they install an app, it shows the four top reviews - all loaded with ads. This can be potentially dangerous if you click on one of the ads. Malware makers make a profit off of their fake apps because of the ads. They don’t take any money from you; they get the money from the advertisement companies.
Let's take a look at the app page.
This is the fake Avast Mobile Security Tip app page on Google Play and the reviews.
The fake ratings page
And this is the actual app. Notice the dorky icon and stolen images.
By installing the app, you allow shady developers to make money for something that they lied to you about. There are no useful tips or tricks. It’s just some text they found online. They put it in the app, loaded it with ads, and released it.
What these Android developers are doing is called “scamming” and it’s punishable by law. As a customer, if you’re lucky enough, you will merely install a fake app that “just” has ads inside. If you’re not, you can get in some serious trouble with a fake app that locks up your phone and steals money from you.
You can easily recognize a fake app by looking at the developer name and checking the comments and rating.
In the case of the fake "Avast Mobile Security Tip"app, the developer name reads "Lose Fat Secret Fitness Pal Avast Avira AVG Clean". That doesn't sound very convincing.
Also, check the number of ratings. It's rated 4.6 but it only has 13 ratings. Real apps have many more ratings.
Stay away from fakes and always have your phone protected. The real Avast Mobile Security app will keep you safe.
The Cybersecurity Tech Accord and Economist Intelligence Unit report measures the beliefs of IT security leaders and experts regarding threats posed by state-led and sponsored threat actors.
MyData Global is a non-profit organization built to empower individuals by improving their rights regarding personal data. Read up on their current efforts to enable secure data sharing.