It’s bad enough that Pokemon Go users have to dodge obstacles while playing the game, but now they must be able to uncover whether their favorite game is a fake app that could do malicious things to their phone.
Mobile security company Zimperium has put out the alert to make sure users are cognizant of these apps when they head into app stores. Verified app stores, like Google and Apple, are working hard to secure and improve app security, said John Michelsen, chief product officer at Zimperium. Both marketplaces add protection layers to ensure apps are verified and sandboxed, but serious risks still fall through the cracks and new fake apps appear every day.
For example, in the past few months rogue apps from developers in China have slipped through Apple’s process and masqueraded as big retailers like Nordstrom, Dillard's and Zappos.com over the holidays, the Marcher malware poses as the Super Mario Run gaming app, and malware-infected versions of Pokemon Go.
Fake Android Prisma apps are running phishing, malware scam as well. Most of the fake apps had no photo editing function rather they infected users’ device with adware and malware. Before Google Play removed those apps, 1.5 users downloaded
Gooligan malware can either be installed via downloading one of 86 infected fake apps through a third party app store or falling for a phishing scam, such as clicking on a fraudulent link in an email.
Michelsen has provided these tips to help identify an imposter app:
- Avoid third-party app stores: only download apps from official app stores; never accept downloads from “unknown sources.” Installing Android apps outside of Google Play makes it around 10 times more likely to have Potentially Harmful Applications.
- Look for butchered English: the majority of fraudulent apps are developed where English proficiency is weak, so it’s important to check for any spelling mistakes or grammar errors in the description and/or title. If it seems suspicious, don’t download it.
- Read app reviews: a real app will likely have hundred to thousands of reviews, while a fake app will likely have zero. In some cases, users may even warn you if the app has proved to be illegitimate. Additionally, if there isn’t an email address listed for support and legit looking website, it’s likely phony.
- Beware of retailers with no app or numerous apps: users should check the company’s official website to see if there’s a link to their app in the App Store or Google Play to confirm they have an app. Organizations without an app, like Dillard’s, are the most vulnerable because users assume that if it is the only app, it must be legitimate. Alternatively, companies with multiple apps are at risk as users may assume that all of the applications are safe if they’ve previously used other applications under the same umbrella.