At the end of last year, the App Store and the Play Store removed a fake Alexa set-up app that was stealing users' browser history and sending data to an unknown Chinese server.
We also recently posted an article covering the fraudulent GPS apps lurking in the Play Store, and popular apps like WhatsApp and Fortnite are repeat targets of scammers trying to get a cut of the action.
Suffice it to say, users from both the Apple and Android sides of the aisle should tread carefully when it comes to downloads.
Scam apps have long been a problem, yet it's difficult for the platforms to get ahead of these bad actors.
Widespread ad fraud
A few months back, Buzzfeed published an article that revealed a massive fraud ring in the Google Play Store. A company called We Purchase Apps was responsible for stealing millions in ad revenue. The story broke back in October 2018, and it looks like the company has since taken down its website.
And then there are instances like this one involving Cheetah Mobile and Kika Tech in December 2018. It was discovered that the two popular apps were engaging in ad fraud by way of three malicious SDKs: AltaMob, BatMobi, and YeahMobi.
In this case, the scheme was something called app install attribution abuse, which means the SDKs fake the number of new downloads to receive the payout from the developer. Google did remove the apps in question, demanding that the developers remove the SDKs.
It's easy to ask why Google doesn't just pull these apps automatically and inform consumers of fraudulent activity. But the sheer volume makes this a near-impossible task. Mobile attribution firm AppsFlyer looked at 17 billion app installs spanning 7,000 apps globally. According to their findings, more than a quarter of those apps have engaged in some form of install fraud.
The reason is, anyone can create and upload an app — and with so many amateur developers competing for space on the platform, there are plenty of opportunities for scammers to slip through the cracks.
A look at some of the biggest Play Store scams in recent memory
Just as they have with WhatsApp, scammers are capitalizing on another one of the biggest apps in the game: Fortnite. Fortnite is a prime target for scammers, as the app is free and can be played across game consoles, phones, and PCs. While scams have spanned a range of mediums, the Play Store has been walloped by fake apps.
One example is a Google Play app that claimed to help users earn free V-Bucks. The scammers benefitted by including a link that “automatically gives the app a five-star rating.” That skewed results and prompted more downloads.
Researcher Lukas Stefanko of ESET found that the Google Play Store is loaded with navigation apps that pass Google Maps off as their own, then run ads over the program. Stefanko says that creating these fake apps is easy — all scammers need to do is add a small modification and they can start making ad revenue.
While the problem may be more of an issue for advertisers, consumers have found that the apps ask for a lot of information that has nothing to do with the program.
Over a million people were tricked into downloading fake Android apps posing as WhatsApp. Initially, the fraudulent app was called “Update WhatsApp,” then it changed its name to “Dual Whatsweb Update” when users started to catch on.
— Nikolaos Chrysaidos (@virqdroid) November 3, 2017
Battery saver and performance booster fakes
Many of the fraudulent apps currently lurking in the Play Store are apps that claim to save your battery charge or boost performance by freeing up RAM.
These apps are BS. They don’t do anything except give you a little animation to look at; a technical representation of how “hard” the tool is working to generate more power.
Avoid these so-called performance boosters, as their advertised benefits are things your phone does automatically.
Apple users aren’t off the hook
Sure, Google might get more attention for their massive collection of scammy Android apps, but the App Store has its own share of problems. One example is a Touch ID scam, a tactic that asks for your thumbprint or Face ID to authorize charges that, according to Wired, range from $90 to $120 each.
There have been several instances of these scams showing up in fitness assistant or health-focused apps, like this heart rate monitor or a since-removed app called Fitness Balance.
.@AppleSupport this app called Fitness Balance is trying to scam people out of $100+ dollars by tricking them into purchasing their in-app purchases. It is unacceptable this app managed to get on your App Store. pic.twitter.com/I68vwQoG86
— Jacques Fourie (@Jac4e) November 29, 2018
Tips for staying safe while shopping Google Play
The common wisdom for Play Store installs is: don't download anything from malicious third-party apps. Unfortunately, fraudsters are becoming increasingly sophisticated.
These days you’ll need to be more careful; try the following preventive measures to lower your risk of installing infected apps:
- Make sure you download from reputable sources only. Okay, duh. But, just a reminder: the top search result is usually the “official” version of the app you're looking for. Double-check that the official developer posted the app. Additionally, add-ons or “cheat” apps from third parties, like the Fortnite example, are especially risky, so be extra careful with these.
- Read the reviews. Chances are, an infected app will have some low ratings, along with several bad reviews.
- Do not change any security settings or root your device.
- Use a reputable anti-virus scanner. While PCs are the usual malware victims, hackers can also break into your phone.
- Check app permissions before downloading. Make sure permissions make sense. Granting access to sensitive data should be a red flag, so just double-check that the fine print seems within the normal range.
Remember that you can also download apps from Softonic's catalog, and we ensure that the apps we carry are free from any malware. Stay safe out there!