View research paper: Fake Apps: Feigning Legitimacy
There’s an app for everything, and soon, there will be fake apps for each real app, too.
Nearly 40 of the top 50 free apps in Google Play now have fake counterparts available for download on both official and third-party app stores. These fake apps span a wide range of categories, including business, video, and games.
Fake apps are also called repackaged apps because cybercriminals have found ways to use the original app packaging to pass off their malicious counterparts as the real deal. Here are a few samples:
When our researchers examined these fake apps, they found that there are three types: harmless copycats, mobile malware, and high-risk apps.
The harmless copycats are just there to rake in an unsuspecting user’s money. Every purchase of a copycat means profit for cybercriminals. Generally, these copycats do nothing harmful on the device. Mobile malware, on the other hand, is outright malicious. It can abuse premium services, hide SMS messages, or even make the device mine digital currency.
Bordering on being malicious are high-risk or potentially unwanted apps. These are apps that often annoy users by aggressively displaying unwanted ads. They can also become threats to privacy since they have the ability to collect personal and device information without the user’s knowledge or consent.
We have already detected a combined two million of these malicious and high-risk Android apps as of the first quarter of 2014. This figure alone indicates that there is a higher chance of encountering high-risk or malware fake apps than mere harmless copycats.
Fake apps should not be taken lightly, seeing how cybercriminals have already begun using them in their schemes. The bad guys peddle malicious repackaged apps to users who unwittingly download and install them on their devices. Once the malicious apps are up and running, they gather personal information, which cybercriminals can sell for more profit or use in other schemes.
So how can mobile app developers and users deal with fake apps?
Developers can look into complex file encapsulation or encryption techniques when creating apps. Doing so can deter cybercriminals from repackaging them. On the flip side, users need to be more cautious when picking and installing apps. They can start by downloading apps only from trusted sources and then assessing the amount of permissions they grant each app. As a final layer of protection, they should also invest in an effective mobile security solution that works for them.
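The permission assessment suggested above can be made concrete by comparing the permissions a download declares with those of the genuine app. This is an added example, not code from the research paper: the two manifests are constructed samples (assumed already decoded to text XML), the package name `com.example.game` is hypothetical, and the mapping of permissions to the behaviours described above is this example's assumption.

```python
import xml.etree.ElementTree as ET  # for files from untrusted APKs, prefer a hardened parser such as defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from Android permissions to the behaviours the article lists.
RISKY = {
    "android.permission.SEND_SMS": "can send SMS to premium services",
    "android.permission.RECEIVE_SMS": "can intercept or hide incoming SMS",
    "android.permission.READ_PHONE_STATE": "can read device information",
    "android.permission.READ_CONTACTS": "can collect personal information",
}

def _manifest(names):
    """Build a constructed sample manifest declaring the given permissions."""
    perms = "".join(f'<uses-permission android:name="android.permission.{n}"/>' for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.game">{perms}<application/></manifest>')

GENUINE = _manifest(["INTERNET", "ACCESS_NETWORK_STATE"])
SUSPECT = _manifest(["INTERNET", "ACCESS_NETWORK_STATE", "SEND_SMS", "READ_PHONE_STATE"])

def permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    return {n for n in names if n}

def compare(genuine_xml, candidate_xml):
    """Report permissions the candidate requests beyond the genuine app's baseline."""
    extra = sorted(permissions(candidate_xml) - permissions(genuine_xml))
    same_pkg = ET.fromstring(genuine_xml).get("package") == ET.fromstring(candidate_xml).get("package")
    return {
        "same_package": same_pkg,  # a repackaged app typically keeps the original identity
        "extra": extra,
        "risky": {p: RISKY[p] for p in extra if p in RISKY},
    }

if __name__ == "__main__":
    report = compare(GENUINE, SUSPECT)
    print("same package name:", report["same_package"])
    for perm in report["extra"]:
        print("extra permission:", perm, "-", report["risky"].get(perm, "review manually"))
```

A candidate that keeps the genuine package name but asks for SMS or device-information permissions the original never needed deserves a closer look before it is installed.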