Fake apps: What they are and how to spot them

What are fake apps?

Fake apps are malicious applications that pose as legitimate ones. They are designed to carry out a variety of attacks, including injecting malware, performing data theft, and cryptojacking. While commonly found in third-party app stores, they occasionally sneak into official app stores too. 

How do fake apps work?

Fake apps—sometimes called trojans—deceive users by mimicking the names, logos, and designs of legitimate apps, making them appear trustworthy. These apps often include fake reviews and ratings in app stores to further convince users to download them.

Fake apps are often distributed via third-party app stores, which may have minimal verification processes. While official app stores like the Google Play Store and Apple’s App Store have stricter verification procedures, some fake apps still slip through, so it’s important to remain vigilant.

Some fake apps may alter their code or present seemingly legitimate content during the review process, only revealing their malicious nature once they’ve been approved and uploaded to a store.

Fake apps can also be spread through social engineering ploys. Scammers may send emails or links, posing as trusted entities like your bank or a messaging service, to deceive you into downloading their fake app.

Threats posed by fake apps

Once downloaded, fake apps can pose numerous threats, primarily centered around stealing personal information or gaining device access. The goal could be identity theft, financial scams, or a whole host of different malware infections.

Here are some common threats posed by fake apps:

• Personal data theft and privacy breaches:  Fake apps can be used for identity theft by stealing your personal data. This data may include names, home and email addresses, and login credentials.
• Financial fraud and scams: Financial information like banking details and banking app login credentials can be used for financial fraud and scams. Fake apps can deceive you into entering this data or spy on you as you enter it legitimately.
  
• Malware: Fake apps can contain harmful malware. Androids and iPhones can get viruses even though there are safeguards in place. If your phone does get infected, you can remove malware from Androids and iPhones.
  
• Rootkits: Fake apps can contain rootkits, a nasty form of malware that bypasses security measures to get “backdoor” access to your device. Rootkits enable hackers to remotely control your phone so learn how to remove a hacker from your phone.
  
• Ransomware: Ransomware is malware that steals your personal data or locks your device, and then demands payment to reverse the attack. Fake apps are a useful attack vector for ransomware attacks, as the apps can ask users to grant them the access permissions they need.
  
• Spyware: Fake apps can also infect your device with spyware. If your phone is monitored by spyware it could track your activity and location, record your keystrokes, access your personal information, or even snoop on you via your camera.
  
• Fake antivirus: Fake apps masquerading as antivirus programs, known as scareware, are designed to scare you with fake threat alerts—tricking you into paying for their removal. Besides taking your money, fake antivirus may also contain real threats.
  
• Spam: Some fake apps pester you with spam, often in the form of adware where you’re bombarded with ads, or it could be push notifications or messages. Spam messages and ads can include links to malicious websites or malware-infected attachments.
  

Types of fake apps

Like real apps, fake apps can take many forms and are influenced by the availability and popularity of the real apps that they try to imitate. Some fake apps closely copy trusted and established apps, while others claim to be alternatives to their legitimate counterparts.

Here are common types of fake apps to watch out for:

Fake text apps

Fake text apps appear as legitimate secure messaging services such as WhatsApp or Signal. For hackers, fake text apps are rife with opportunity because they contain lots of private data within your conversations and a list of contacts. These fake apps can send spam to your contacts, steal personal data, or distribute malware.

Fake game apps

Fake game apps may impersonate popular games, or tempt players with a new concept. Once installed, they hit players with intrusive ads or pop-ups, steal personal data, or spread malware. Fake game apps can also trick users into making in-app purchases for features that are usually free on legitimate apps.

Fake banking apps

Fake banking apps echo the look and functionality of well-known banking apps.  These fake apps deceive you into giving up your banking credentials or financial details, which are then stolen. With fake transaction requests, you could even be duped into transferring funds to cybercriminals.

Fake dating apps

Fake dating apps match the look and feel of real dating apps—but you won’t find love on them. Instead, these apps are riddled with fake profiles for catfishing and romance scams to try and trick you into sending money to prospective (fake) romantic partners.

Fake installer apps

Fake installer apps imitate genuine installer apps for popular software. While legitimate software updates are crucial for the functionality and security of software, fake installer apps are malicious. They can spread malware, steal data through phishing schemes, and install unwanted software, such as adware or spyware.

How to spot a fake app

While designed to be deceptive, you can spot a fake app if you know what to look for. Fake apps often try to match the look of legitimate apps—but fall short. It’s also important to research online before downloading anything: reading reviews, looking at download stats, and verifying the developer are the best ways to identify fake apps.

Here’s how to spot a fake app:

Examine the icon

Fake apps often try to replicate the logo of legitimate apps, but something is usually off. The colors or fonts may be inaccurate, or the icon may be a poorly produced copy of another app’s icon.

Look for grammatical errors

Legitimate app developers are attentive to grammar, but fake app developers often are not. If you notice consistent grammatical errors in an app’s description, you may be dealing with a fake.

Check download numbers

Popular apps often have millions of downloads, while fake apps will likely have far, far fewer. Your app store will list these figures, so check them before downloading. If you want to download Instagram and the app you’re about to click only has 100 downloads, you know it’s a fake.

Look at the release date

Conversely, if an app is recently released but has a high number of reviews or downloads, it may be a fake. Legitimate apps need time to grow a reputation, while fake apps may manipulate their numbers to get you to download them.

Check user reviews

Fake apps may have low ratings and numerous bad reviews—or a steady stream of unnaturally positive ones. Bad reviews speak for themselves, but if something seems “off” with the positive reviews, it may be a fake app.

Research the app developer

Firstly, does the developer’s name match the app? In the example below you can see that the last Messenger app is by FORBIS s.r.o. If the name’s not what you expect, stay clear.

If you’re not sure, Google the name of the suspected fake app developer. Fake app developers often try to hide by not having a website or available contact information. They may also try to emulate the name of a legitimate developer, or try to appear as a new one.

Double check permissions

Review the app’s permission agreement for any unnecessary authorizations. Fake apps rely on users quickly downloading them without checking what device permissions they’re granting.

Check update frequency

Frequent updates could indicate a fake app with numerous security vulnerabilities. Additionally, fake apps may use frequent updates with minimal changes as a ploy to remain in app stores or bypass security measures on your device.

What to do if you’ve downloaded a fake app

If you’ve downloaded a fake app, act quickly to secure your device and data. The longer the fake app remains on your device, the more potential it has to cause harm.

Here’s what to do if you download a fake app:

• Delete the app: Delete the fake app from your device to prevent it from accessing your personal data or gaining backdoor access to other areas of your device.
• Factory reset your device: If you can’t delete the app, a factory reset will delete all your downloaded apps and data. This will wipe away the fake app—along with everything else. So first backup your photos and other important data and restore them after the factory reset.
• Scan your device with security software: Robust security software will scan and help remove stubborn malware or lingering threats from your device. Norton 360 Deluxe provides powerful malware, ransomware, and hacking protection from fake apps and other threats.

Keeping your device safe is critical, but it doesn't have to be difficult. Read our guide to mobile security for tips and tools to help keep your phone safe and secure.

How to avoid fake apps

Fake apps are deceptive but can be avoided by following cybersecurity best practices when downloading apps. Here's how to steer clear of fake applications:

• Download only from official stores: Reputable app stores like Google Play and Apple’s App Store have safety measures to help detect and remove fake apps.
• Read user reviews: Read both negative and positive reviews. Consistently bad reviews about security, functionality, or excessive permission are all red flags. Too many gloating reviews could also signal a fake app.
• Be cautious with app permissions: Fake apps may request permissions from your device that are unnecessary for their functionality. Learn how to tell if an app is violating your privacy.
• Stay informed about security threats: By researching security threats you’ll get a fuller picture of the threatscape, which may help you anticipate attacks before they strike. There aren’t just fake apps to worry about, even legitimate apps can pose threats via riskware.

Keep your devices safer

Fake apps are just one of the threats to your private data and devices. That’s why you need a comprehensive cybersecurity tool like Norton 360 Deluxe. Powered by an award-winning anti-malware engine and featuring a built-in VPN, scam protection, and more, Norton 360 Deluxe helps protect against fake apps and keep you and your devices safer online. Get it now and protect up to five devices with one subscription.

FAQs about fake apps

Still got questions? We got answers. Here are some frequently asked questions about fake apps:

How do fake apps end up in official stores?

Fake apps end up in official stores due to human error and the high volume of app submissions for review. Some fake apps may manipulate their code or present legitimate-looking content during the review screening process, only to swap it out for malicious content once active in the store.

How many fake apps are there?

The number of fake apps is constantly in flux, with new ones being created as old ones are removed. In 2023, Google rejected more than 2 million risky apps from the Play Store. In 2023, Apple rejected 1.7 million apps for failing to meet its standards for the App Store.

Do Androids have more fake apps?

Androids may have more fake apps simply due to their open ecosystem, which allows apps from various sources, not just Google Play. Android also has a larger mobile market share, making it a bigger and potentially more attractive target for hackers.

How do I know if an app is legit?

To verify the legitimacy of an app, research the developer and check reviews, ratings, and the number of downloads. Also, review app permissions carefully, as fake apps often ask for more permissions to get deeper access to your phone.