Android app developers have found clever tactics for tricking users into installing fake apps. Here's how to not get fooled.
If you are an Android user looking to download business apps, beware of malicious app developers disguising themselves as legit sources.
Tricksters are taking advantage of the fact that Google Play search results display the app's image and name along with the developer's name. These developers set their names to fictitiously high download numbers, making users believe the app is popular, malware researcher Lukas Stefanko first noted on WeLiveSecurity. Where the developer's name should appear, the listing instead reads "100 Million Downloads," "5,000,000,000+," "Installs 100,000," and more.
Along with inaccurate download counts, malicious developers use key phrases to try to boost credibility. For example, Stefanko referenced phrases like "Legit Apps," "Verified Applications," and "Trusted Developers App" as common occurrences. Some developers even include the widely known blue check mark symbol, which indicates that the user is "verified" and should therefore be trusted. However, Google Play does not provide any developer account verification feature, so any application with that badge should not be trusted, Stefanko emphasized.
Stefanko found hundreds of fake apps posing as legitimate downloads; however, most of these apps had no functionality or just displayed advertisements.
Business professionals can protect themselves from these ploys. Stefanko suggests four strategies to make sure you are downloading apps from trusted developers:
- Only look at the number of app installations under the "Additional Information" section at the bottom of the page. That is the official download number on the Google Play site.
- Google Play does not have the blue "verified" check mark symbol in its system. While it does have an "Editor's Choice" badge, that will be located in the top right corner of the application's Google Play page.
- Read the app's user reviews! Oftentimes users who have downloaded a fake app will leave a warning in their review.
- Lastly, if the app only has a small number of real downloads, or was added within the last few days, wait for other people to download it first and see if it's real.
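For teams that vet apps before allowing them on work devices, the same checks can be scripted. The sketch below is an added example, not code from Stefanko or Google: it flags developer names that imitate install counts, carry the trust phrases quoted above or contain a check mark, and applies the "few installs or very new" tip. The record fields, the check-mark code points and both thresholds are assumptions, and the sample records are constructed.

```python
import re
from datetime import date

# Install-count vocabulary and grouped-thousands numbers, as in the quoted
# fake developer names ("100 Million Downloads", "5,000,000,000+").
COUNT_WORDS = re.compile(r"\b(downloads?|installs?|installations?|million|billion)\b", re.I)
GROUPED_NUMBER = re.compile(r"\d{1,3}(?:[,.\s]\d{3})+\+?")
# Credibility phrases the article quotes ("Legit Apps", "Verified Applications", ...).
TRUST_WORDS = re.compile(r"\b(legit|verified|trusted)\b", re.I)
# Assumption: code points that can imitate a "verified" check mark.
CHECK_MARKS = "\u2713\u2714\u2705\u2611"


def developer_name_flags(name):
    """Return reasons a developer name looks like credibility bait."""
    flags = []
    has_digit = any(ch.isdigit() for ch in name)
    if GROUPED_NUMBER.search(name) or (has_digit and COUNT_WORDS.search(name)):
        flags.append("install-count lookalike")
    if TRUST_WORDS.search(name):
        flags.append("trust phrase")
    if any(ch in CHECK_MARKS for ch in name):
        flags.append("check mark")
    return flags


def review_listing(listing, today, min_installs=1000, min_age_days=7):
    """Apply the name checks plus the 'few installs or very new' tip.

    min_installs and min_age_days are assumed thresholds, not from the article.
    """
    flags = developer_name_flags(listing["developer"])
    if listing["installs"] < min_installs:
        flags.append("few installs")
    if (today - listing["added"]).days < min_age_days:
        flags.append("recently added")
    return flags


# Constructed sample records; developer strings follow the article's examples.
SAMPLE = [
    {"developer": "Installs 100,000", "installs": 50, "added": date(2018, 6, 20)},
    {"developer": "Trusted Developers App \u2714", "installs": 500, "added": date(2018, 3, 1)},
    {"developer": "Example Software Ltd", "installs": 250000, "added": date(2016, 1, 5)},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["developer"], "->", review_listing(rec, date(2018, 6, 22)) or "no flags")
```

The `installs` value must be the official figure from the "Additional Information" section, never a number read out of the developer name.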
For a list of great Android apps, check out our sister site CNET's top apps of 2018. Good luck and happy downloading!
The big takeaways for tech leaders:
- Beware of fake Android developers when hunting for business apps, as many are using inaccurate download numbers to trick users into thinking they are legitimate.
- Users can protect themselves by checking the correct download number, making sure the app doesn't have a "verified" badge, reading user reviews, and seeing how new it is to the Google Play store.