+3 votes
65 views
in security by (242k points)
reopened
Detect fake apps

1 Answer

+4 votes
by (1.6m points)
 
Best answer

What are fake apps?
Recognize fake apps
Protective measures
Alternative markets
What to do in an emergency

Dangerous malware masquerading as a well-known app can wreak havoc on smartphones. We'll show you how to spot them.


Apps that pretend to be another app can spy on data on smartphones, block functions and cause a lot of trouble. But don't worry, you can spot them and, with the right precautionary measures, eliminate them as much as possible.

What are fake apps?

Wow - a new Fakebook app with better encryption! Bam, tap, installed. That would already be a typical example of a fake app: At first glance it might sound like an update or a new client for the Facebook app, but instead you are bringing real malware onto your smartphone. Or onto the computer - app stores are also increasingly being used under Windows. The app could now ask for rights: network access, access to contacts, camera, microphone and so on. And since you would assume in this case that it is the Facebook app, you would probably also freely grant all these rights - otherwise the app makes no sense, one might think.

Fake apps are apps that try to deceive the user by giving the impression of being another, completely legitimate app, in order to first obtain the permissions and then cause trouble. The scenarios here are diverse: espionage, extortion, crypto mining and so on.

Recognize fake apps

Fake apps rely on the inattentiveness of the user. A similar logo and name are often meant to be enough to fool smartphone users: Who reads every word carefully when installing an app on the train? A (made-up) Fakebook instead of Facebook might still attract attention, because "fake" is already in the name - but even there you shouldn't bet on it. Apparent "misspellings" are a good first indicator of possible fake apps.

It continues with the logos: A Facebook logo always looks the same - always! It does not suddenly show small deviations, different fonts, paler colors, reflections or the like. Pictures often register with you even if you don't consciously notice them. As soon as you have an unidentifiable bad feeling that something is not right, take another close look at the logo and, if necessary, compare it with the logo of the provider on their website. Even easier: Search for the app you want in your provider's app store using the search function - the real app will almost certainly end up at the top.

image
Attention: Not every logo modification is a fake app! Many alternative apps for a service, here Telegram, use logo derivatives - questionable in terms of trademark law, but harmless.

And what ends up on top? Popular apps! And that is exactly another indication of fake apps. If, for example, an app "Fakebook" or an app "Facebook Mega" - yes, name extensions are also popular with fake apps! - appears and has only been installed / downloaded 200 times, one can confidently assume a rip-off. A real, regular app from large providers such as Facebook, Google, Twitter, SPON and so on has been downloaded many thousands of times after a very short time.

Nevertheless, maybe you pressed the "Install" button in the hustle and bustle or out of carelessness - it is still not too late! Because, of course, fake apps want one thing above all: rights. With apps like messengers this is now difficult because the regular apps often want access to pretty much everything. In that case, things can go very quickly: you tap on "OK" and the malware runs. However, apps usually only require a few rights. For example, if a game asks for access to the camera or contacts, you should be skeptical. Whenever an app asks for rights that you don't take for granted, take a few seconds and double-check the app page in the store - you might find something suspicious.

image
It is best to check rights directly during installation / first start - you can often deny rights and the app will still work.

Reviews can also help. Neither negative nor positive user ratings necessarily give the right judgment for you. As with Amazon, they are purely subjective opinions for the one use case of the user - they are not tests as one would expect from specialist media, for example. And yet: If there are mostly negative reviews, and tons of them, read through the reasons!

Protective measures

Protective measure number 1: Always download from a trustworthy store! That doesn't mean that the official Android store Google Play is free from malware, on the contrary, but you can trust that Google will at least try to do everything against fake apps & Co. - there are certain controls. By default, smartphones do not even allow the installation of apps from other sources. This is an acceptable protection mechanism, but you will soon see that it can be very useful to deactivate this option.

Either way: an anti-virus app is also a good idea. For example, Norton checks every app that it installs. Viruses & Co. are (still!) not a real problem on smartphones, but there are plenty of anti-malware solutions available free of charge and at best you won't even notice them. They just run in the background and protect.

Alternative markets

You can allow installations from external sources in the smartphone settings by ticking the box. The disadvantage: You can then install apps offered by any website, which bypass the Google Play security mechanisms. And if you consider yourself a smartphone / computer layman - leave it alone! The advantage: You can also use alternative app stores such as F-Droid. F-Droid is a pure open source market, so all apps are also available in the source code. In addition, you will only find advertising-free and espionage-free apps here (even regular non-fake apps from Google Play sometimes spy ...).

Fake apps are unlikely to be a problem here. And for two good reasons: On the one hand, F-Droid is far too small compared to Google Play to be of any real interest to malware developers. On the other hand, there are simply few of the big, well-known apps here - so there is nothing to fake. Well, at least Telegram and Firefox can also be obtained from F-Droid. In general, you can actually install apps from F-Droid as you like, without having to worry about malware, espionage, advertising or fake apps.

image
Fossdroid.com is a nice interface for the F-Droid store - and only offers open source apps.

What to do in an emergency

If you only notice after installing and granting any rights that you have not installed Facebook, but Fakebook, it can be difficult. First of all, of course, you should uninstall the app. It's best to take a few screenshots of the wrong software beforehand - you never know what it's good for. Depending on the app, the rights granted and the extent of your worries, a reset of the device to the factory settings may also be appropriate. After all, it's hard to judge what malware with privileges can do. Here we will show you how to reset your Android device to factory settings.

Changing the most important login data (smartphone PIN, Google account, logins saved in browsers) is also not a bad idea. All in all, a lot of time is needed in such a case - and therefore the tip: Pay attention to correct logos, correct names, ratings, download numbers and plausible rights when installing!


...
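
The warning signs from the answer above (look-alike names and name extensions, few downloads for a supposedly well-known app, rights that don't fit the app, mostly negative reviews), collected into a small triage script as an added example that is not part of the original answer. The name list, permission table, install threshold, similarity cut-off and sample listings are constructed assumptions; a flag calls for a closer look and is not a verdict, since harmless alternative clients also use derived names.

```python
from difflib import SequenceMatcher

# Constructed reference data (assumptions, not taken from any store API).
KNOWN_NAMES = ["facebook", "telegram", "firefox", "twitter"]
EXPECTED_PERMS = {  # rights each category plausibly needs
    "game": {"network"},
    "social": {"network", "contacts", "camera", "microphone"},
}
MIN_INSTALLS = 10_000  # assumed cut-off for "many thousands" of downloads

def claimed_name(name):
    """Return (known_name, is_exact); catches extensions and near-miss spellings."""
    norm = name.lower().strip()
    if norm in KNOWN_NAMES:
        return norm, True
    for known in KNOWN_NAMES:
        if known in norm.split() or SequenceMatcher(None, norm, known).ratio() >= 0.8:
            return known, False
    return None, False

def triage(listing):
    """Return the warning signs that apply to one store listing (a dict)."""
    flags = []
    known, exact = claimed_name(listing["name"])
    if known and not exact:
        flags.append(f"name imitates '{known}'")
    if known and listing["installs"] < MIN_INSTALLS:
        flags.append("few installs for a well-known name")
    expected = EXPECTED_PERMS.get(listing["category"])
    if expected is not None:  # unknown category: no basis for a permission check
        extra = sorted(set(listing["permissions"]) - expected)
        if extra:
            flags.append("unexpected permissions: " + ", ".join(extra))
    if listing["negative_reviews"] > listing["positive_reviews"]:
        flags.append("mostly negative reviews")
    return flags

SAMPLES = [  # constructed sample listings
    {"name": "Facebook", "category": "social", "installs": 5_000_000,
     "positive_reviews": 900, "negative_reviews": 100, "permissions": ["network", "camera"]},
    {"name": "Fakebook", "category": "social", "installs": 200,
     "positive_reviews": 3, "negative_reviews": 1, "permissions": ["network", "contacts"]},
    {"name": "Block Puzzle", "category": "game", "installs": 300,
     "positive_reviews": 5, "negative_reviews": 40, "permissions": ["network", "camera", "contacts"]},
]

if __name__ == "__main__":
    for app in SAMPLES:
        print(app["name"], "->", triage(app) or "no warning signs")
```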