Fake apps run wild, what you can do

There are some seriously great Android phones out there, but they can be hampered if they get the wrong app, because there are a lot of fakes on the Play Store.

News from Australia this week: researchers at the University of Sydney have been looking through a staggering number of apps (one million, to be exact) and have found something rather alarming. There are a lot of fakes.

In an era where the term “fake” can be thrown around as if it can mean anything, the idea of a “fake app” can seem a little crazy. However, with security being the frequent problem that it is, a “fake app” tends to pose security risks.

Technically, a fake app is any app that tries to disguise its true nature by impersonating another, more commonly known app. It’s as if you wanted to get a copy of a famous messaging app, but ended up with something similar that isn’t it. You may end up transmitting details and joining a service you didn’t intend to join, thereby providing access to something you might not want.

Fake apps are common enough, and back when Windows Phone was a thing (before Microsoft pulled the plug), we recall that store being filled with fake apps for games.

It’s a little bit different on the Android side of things now. As part of a two-year cyber security project, researchers at the University of Sydney have uncovered 2,000 apps that qualify as fakes, and people are downloading them.

They include poor clones of games, and are frequently used by criminals to steal information.

“Many fake apps appear innocent and legitimate — smartphone users can easily fall victim to app impersonations and even a tech-savvy user may struggle to detect them before installation,” said Dr. Suranga Seneviratne, Academic and Cybersecurity Expert at the University of Sydney’s School of Computer Science.

“In an open app ecosystem like Google Play the barrier to entry is low so it’s relatively easy for fake apps to infiltrate the market, leaving users at risk of being hacked,” he said.

That’s potentially bad news for folks not paying too much attention to what they install and download, though there are some tips worth paying attention to.

The obvious one is to search for apps on the official Google Play Store. Depending on your device, there may be secondary app stores installed, possibly added without you realising it when you installed an app from an unknown source.

Google’s Play Store does have a form of malware protection built in, and it can scan files uploaded to its system, but that may not prevent you from installing the wrong app, especially if you’ve downloaded an alternate app marketplace to an Android phone.

Another tip is to check the reviews of the app, because chances are that if it’s the real thing, if it’s legit, it should have a lot of downloads and reviews with quite a few positive things to say.

“Look at the application’s release date and version history and read its reviews,” said Aaron Bugal, Global Solutions Engineer at Sophos.

“A brand new app with thousands of five-star reviews seems odd, especially if it’s not recommended by other media outlets,” he said.

“If you want a new game, productivity app or something else to pass the time, then you should use a search engine and find something that has a consensus of positive reviews.”

Finally, check the permissions an app is asking for. Does a game really need access to your phone dialler and messages? Probably not, and so you may want to limit its access to stop it from doing anything nefarious.

Ultimately, if you’re unsure about the app in question, consider uninstalling and moving on. That’s one way to calm that Spidey sense.