An enormous number of fake applications linger within the Google Play app store. This week’s blog is designed to raise awareness of fake applications and how best to identify them.
Recently, an attacker uploaded three banking applications to the Google Play app store to harvest banking information from unsuspecting users. The application presented users with a form asking for name, card number, expiration date and CVV, shortly followed by a login screen. Rather than redirecting users to their bank with this information, the attacker stole it and told users “A customer service representative will be in contact shortly”. This is a perfect example of an application designed solely for phishing bank account and login information – the main aim being to look as authentic as possible.
How can you protect against fake applications?
There are three steps you can take against these kinds of applications:
1) Check the number of downloads – for example, when searching for “WhatsApp”, if you see multiple entries with the same logo, always choose the one with the most downloads and reviews. It is likely to be the most reputable.
2) Check the name and company – take extra care to check that the company name is spelled correctly. For example, SwiftKey recently had an incident where a fake app named ‘Swift Keyboard’ was created.
3) Check the reviews – consistently low ratings may sometimes be a bad sign, especially if there are multiple copies of that application on the Google Play store.
Fortunately, Google are adding more features to protect against this. Namely, Google Play Protect aims to scan all apps for malware before or after you install them to ensure they are safe. However, make sure to do your own research before downloading applications onto your phone.