By Gabriel Wood, NextAdvisor.com
Recently, a fake version of the popular social media app WhatsApp was downloaded over 1 million times from the Google Play Store before users on Reddit discovered it. The fake WhatsApp contained code that would spam phone users with ads, secretly download other programs in the background and make itself invisible by keeping its icon and app title blank. To make things worse, according to Reddit users, the fake WhatsApp had a seal from Google Play Protect, indicating that Google had scanned the app and found nothing wrong with it. While this may be one of the largest cases of hackers tricking people into downloading a fake app, it’s far from the first, and both the Google Play Store and the iOS App Store have hosted harmful fake versions of popular apps before. To make sure your phone remains secure, read on to learn how to identify fake apps so you can stay away from them.
Check the permissions
A fake app can do a large variety of shady things with your phone, such as redirect your browser to infected websites, see through your camera or send premium-rate text messages and stick you with the bill. However, many of these actions rely on you giving the app permission to access specific functions on your phone. When you install an app, you’ll usually get a pop-up with a list of permissions the app needs so it can activate its features, like access to your phone’s camera or network communications. This is completely normal for apps to do, but for a legitimate app, you can typically trace each permission it asks for back to a feature of the app. On the other hand, fake apps commonly ask for more permissions than normal, so they can have as much control over your phone as possible, and those permissions don’t always fit with the kind of app they’re pretending to be. For instance, if you download what looks like a flashlight app and it asks for permission to access your contacts, camera and SMS messages, that’s a good indication that the app has hidden, possibly exploitative functions. Whenever you grant an app permissions, pay close attention to which permissions you’re giving it and how it’s going to use them. Be especially wary of apps asking for the administrator permission, as this gives the app the most control over your phone, and can even make the app undeletable.
Read the app description thoroughly
If you know what to look for, you can often spot a fake app before you download it just by analyzing various parts of its store page. Look at the number of downloads the app has and check if they’re high enough considering the app’s popularity. The fake WhatsApp mentioned earlier had over 1 million downloads, but that’s a red flag because the real WhatsApp has well over a billion users. Looking at the reviews can be another good indicator for a fake app, though you have to look a bit more closely than with download count. Positive app reviews can be easily bought, so pay attention to both the number of reviews and what they say. There should be at least a few thousand reviews for a major app, and if all of the positive reviews are short and generic, while all of the negative reviews are warnings that the app doesn’t work or is a fake, that’s a strong sign that the app is phony. You also may want to read the description of the app and check for broken English or typos, which are extremely uncommon in the descriptions of official, professionally-developed apps. It might seem like a good idea to check the publisher name, as well, but fake app developers are increasingly using special characters to copy the names of major companies, so that method of verification isn’t as reliable as it once was.
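To show why a publisher name padded with special characters can pass a visual check, here is an added example (not part of the original article) that compares a store listing's publisher string against names you already trust. The trusted list, the function names and the sample strings are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: publisher names you already trust, typed by hand in plain ASCII.
TRUSTED_PUBLISHERS = ["WhatsApp Inc.", "Google LLC"]

INVISIBLE = {"Cf", "Cc", "Zs", "Zl", "Zp"}  # format, control and space categories

def skeleton(name):
    """Comparison key: fold compatibility forms, drop invisible characters, ignore case."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(c for c in folded if unicodedata.category(c) not in INVISIBLE).casefold()

def scripts(name):
    """Scripts of the letters in a name, taken from the first word of each Unicode name."""
    folded = unicodedata.normalize("NFKC", name)
    return {unicodedata.name(c, "UNKNOWN").split()[0]
            for c in folded if unicodedata.category(c).startswith("L")}

def odd_characters(name):
    """Code points outside printable ASCII, listed so the hidden difference is visible."""
    return [f"U+{ord(c):04X} {unicodedata.name(c, 'UNNAMED')}"
            for c in name if not (" " <= c <= "~")]

def check_publisher(name, trusted=TRUSTED_PUBLISHERS):
    """Classify a publisher string as exact, lookalike, mixed-script or unknown."""
    if name in trusted:
        return "exact"
    # Same key as a trusted name but different bytes: padded or re-encoded copy.
    if skeleton(name) in {skeleton(t) for t in trusted}:
        return "lookalike"
    # Heuristic only: a genuine bilingual publisher name also lands here.
    if len(scripts(name)) > 1:
        return "mixed-script"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample names, not taken from any real store listing.
    samples = [
        "WhatsApp Inc.",
        "WhatsApp Inc.\u00a0",   # trailing no-break space
        "WhatsApp\u200b Inc.",   # zero-width space inside the name
        "Wh\u0430tsApp Inc.",    # Cyrillic letter in place of Latin "a"
        "Some Studio",
    ]
    for s in samples:
        print(f"{s!r:28} {check_publisher(s):13} {odd_characters(s)}")
```

A "lookalike" or "mixed-script" result means the name needs a closer look; an "unknown" result says nothing either way about the publisher.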
Vet the developers
The previous technique works well with major apps, but for smaller apps from less well-known developers, it’s a good idea to do some basic research on what the app is and who made it. Evidence that the app’s creator has been working on the app for a while, or has released other legitimate apps in the past, can give you a sense of whether their product is trustworthy or not. Check not only the developer’s own website, but also any online discussions about them in forums or comment sections. If you can’t find any information about an app or the people that made it, that’s a bad sign. Be especially careful with apps that promise shopping discounts or ways to passively make money, as these concepts seem especially attractive to fake app developers. When you can’t decide if an app is okay to download, the safe course of action is to not download it.
Fake apps are unfortunately common, but with a bit of awareness and knowing what to look for, it’s easy to not get tricked by them. For more information on how to use technology the safe and secure way, follow our technology blog.
This blog post originally appeared on NextAdvisor.com.