A strong emphasis on user experience and a keen eye for new and recurring revenue are the reasons big businesses have embraced mobile platforms so thoroughly that a mobile presence is now universally expected. Mobile apps are used for nearly everything. But this dependence has given rise to a dangerous impersonation scheme.
Fake mobile apps are now threatening businesses and consumers worldwide. Popping up at an aggressive clip, these malicious copycats are built to look like legitimate apps but instead pack a powerfully malicious punch.
Also referred to as “cloned” or “counterfeit” apps, the fake apps are the brainchild of cybercriminals who are committed to making them not only look like the real deal but act like it too. They mimic seemingly everything: the logos, color schemes, formats and processes seen in the user interfaces of popular brands. Fake apps easily trick users, who might believe they’re downloading a trusted app one moment, only to find their sensitive information in criminal hands later.
Despite strict security checks and vetting processes, fake apps can occasionally make their way into official app stores such as Google Play and the Apple App Store, ultimately “breaking” into consumers’ devices even though it was the users themselves who opened the door for the crooks. After an unsuspecting user installs the fake app, the cybercriminals behind it can do many kinds of harm, from installing spyware to kickstarting phishing campaigns and more.
These counterfeits closely resemble the legitimate apps. Their names are often almost identical to the real app’s, with only minor variations such as one different letter or one different symbol. These apps also appear in unofficial app stores, and can stay there unimpeded even if they were removed from the unrelated official app stores months ago. After all, there’s no connection between the unofficial and official stores.
Why fake mobile apps harm app manufacturers
There are three main ways a legit app owner (the manufacturer or business offering the app) can be negatively impacted by copycats. They concern the lifeblood of most businesses: revenue, reputation and legal footing.
- Lost Revenue – By diverting either potential or returning users away from the true mobile app, a business can end up directly losing revenue. And what’s the likelihood that a user who was duped by a fake app is going to spend additional funds on the legit app right after they discover they’ve been scammed during their first attempt?
- Reputational Woes – This is one case where imitation is not necessarily the greatest form of flattery. After all, what business wants prospective users to have any negative experience associated with its brand? Users don’t care that large and successful businesses are so well known that they’re copied. They simply want a solid user experience. The tarnishing of a brand is usually difficult to overcome, even if the instigator of the turmoil isn’t connected to the brand whatsoever. Additionally, damage can be particularly severe if the fake app results in data breaches or financial loss for users. Who wants users to place blame on the real company for not safeguarding their info?
- Legal Issues – Fake apps could even lead to legal challenges for legit app manufacturers despite their lack of any real connection to maleficence. If users’ data is compromised through a fake app, the legit company might face lawsuits or regulatory scrutiny, especially if it’s perceived that the company didn’t somehow take measures to prevent the spread of the threat. Who wants to end up in a courtroom over a cybercrook’s desire to impersonate their business?
Ultimately, fake apps present several dangers for the end user, including overlay attacks that place fake input screens over the phone’s screen, trojans that can send unauthorized text messages or take over a camera or mic, spyware that monitors information and sends it to third parties, and phishing that can steal credentials for real websites and wreak havoc. It can be a real mess.
To fight the growing problem of fake apps, it’s important for app publishers to stay one step ahead. First, protect apps with multi-layered security features that harden their code and make it tougher for copycats to hack and mimic. Keep an eye on both official and unofficial app stores – if a fake is spotted, report it and push for its removal as quickly as possible. Also, make sure an app stands out by using App Store Optimization (ASO). Consistent branding, clear descriptions, and regular updates can help an app be more recognizable and easier for users to find.
Educating app users is key, too. Show them how to spot the legit app and encourage them to download only from trusted sources like the official website or reputable app stores. Investing in anti-fraud tools can also help organizations learn when fake versions of an app pop up. Don’t forget to protect brands with trademarks, including an app’s name, logo and other key elements, and enforce these to keep copycats at bay. By taking these steps, app owners not only protect their revenue and reputation but also keep their users’ trust intact.
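One way to automate the store monitoring described above, given that fake names tend to differ from the real one by a single letter or symbol. This is an added example, not code from the author or Verimatrix; the app name, package id, publisher, store names and listings are constructed, and the symbol-folding table is a small illustrative subset.

```python
import unicodedata

# Constructed, deliberately small table of symbols/digits swapped in for letters.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "$": "s", "@": "a", "!": "i"})

def normalize(name):
    """Lower-case, strip accents, fold look-alike symbols, drop spaces and punctuation."""
    decomposed = unicodedata.normalize("NFKD", name.lower())
    bare = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(c for c in bare.translate(FOLD) if c.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def flag_listings(official, listings, max_distance=1):
    """Flag listings whose name imitates the official app but whose package/publisher differs."""
    target = normalize(official["name"])
    flagged = []
    for item in listings:
        if (item["package"], item["publisher"]) == (official["package"], official["publisher"]):
            continue  # the publisher's own listing
        dist = edit_distance(normalize(item["name"]), target)
        if dist <= max_distance:
            reason = "identical name after folding" if dist == 0 else f"name within {dist} edit(s)"
            flagged.append((item["store"], item["name"], reason))
    return flagged

# Constructed sample data (hypothetical app, package ids and stores).
OFFICIAL = {"name": "Acme Bank", "package": "com.example.acmebank", "publisher": "Acme Bank Ltd"}
LISTINGS = [
    {"store": "official", "name": "Acme Bank", "package": "com.example.acmebank", "publisher": "Acme Bank Ltd"},
    {"store": "altstore-a", "name": "Acme B@nk", "package": "com.example.acmebnk", "publisher": "AB Dev"},
    {"store": "altstore-a", "name": "Acne Bank", "package": "net.example.acnebank", "publisher": "Fin Apps"},
    {"store": "altstore-b", "name": "Acme Bánk", "package": "com.example.acmebank.lite", "publisher": "Acme Bank Ltd."},
    {"store": "official", "name": "Acme Travel Rewards", "package": "com.example.travel", "publisher": "Other Co"},
]

if __name__ == "__main__":
    for hit in flag_listings(OFFICIAL, LISTINGS):
        print(hit)
```

Each flagged entry carries the store and the reason, which is the evidence a takedown report to that store needs.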
Tom Powledge is head of cybersecurity business at Verimatrix (www.verimatrix.com).