How to find fake apps, detect and identify to remove it
Apps that pretend to be a different app can spy on smartphones, block functions and cause a lot of trouble. But do not worry, you can recognize them and exclude them as far as possible with the right precautions.
Wow – a new fakebook app with better encryption! tap, installed. That would already be a typical example of a fake app: At first glance, it might sound like an update or a new client for the Facebook app, but instead, it will get you real malware on the smartphone. Or even on the computer – App Stores find finally also under Windows increasingly use. The app could now ask for rights: network access, access to contacts, camera, microphone and so on. And since you would assume in this case that it is the app of Facebook, you would probably freely grant all these rights – otherwise the app makes no sense, you might think.
Fake apps are apps that try to deceive the user by trying to give the impression of being another completely legitimate app, first clearing the rights releases and then causing trouble. Here are the scenarios varied: espionage, extortion, crypto mining and so on.
Fake apps rely on the inattentiveness of users. A similar logo and a similar name should often be enough to fool smartphone users: A (fake) Fakebook instead of Facebook would perhaps still attract attention, because “Fake” is already in the name – but even there you should not bet on it. Alleged “spelling errors” are definitely a good starting point for possible fake apps.
It continues with the logos : A Facebook logo always looks the same – always! There are not suddenly small deviations, other fonts, paler colors, reflections or the like. Pictures often catch the eye, even if you do not notice it consciously. As soon as you have a feeling that is not identifiable, something that does not look right, look at the logo again and compare it with the provider’s logo on its website. Even easier: Search for the app you want to have in the app store of your provider through the search function – with almost certainty, the real app lands at the top.
Note: Not every logo modification stands for a fake app! Many alternative apps for a service, here Telegram, use logo derivates.
And what ends up? Popular ! And that’s another indication of fake apps. For example, if an app “Fakebook” or an app “Facebook Mega” – yes, name extensions are also popular with fake apps! – emerges and was installed/downloaded only 200 times. A real, regular app from major providers such as Facebook, Google, Twitter, SPON and so on has already been downloaded thousands of times in a very short time.
Still, maybe in the hustle and bustle or inadvertently you hit the “install” button – it’s still not too late! Because fake apps of course first of all want one thing: rights. For apps like Messengers this is difficult, because even the regular apps often want to have access to just about everything. In that case it can happen very fast, you tap on “OK” and the malware is running. Most apps but need only a few rights. For example, if a game asks for access rights to the camera or contacts, you should become skeptical. Whenever an app asks for rights that you do not take for granted, take a few seconds and review the store’s app page again – maybe there’s something suspicious.
It is best to check rights directly during installation/initial startup – you can often refuse rights and the app will still work.
Also reviews can help. Neither negative nor positive user ratings necessarily give the right judgment for you. As with Amazon, they are just subjective opinions for the one use case of the user – but they are not tests that are expected of trade media. And yet: If there are mainly and a lot of negative reviews, read through the justifications!
Protective operation # 1: Always download from a trusted store ! That does not mean that the official Android store Google Play is free of malware, on the contrary, but you can trust that Google is at least trying to do everything against Fake Apps & Co. – there are some controls. By default, smartphones will not allow the installation of apps from other sources. This is an acceptable protection mechanism, but you will soon see that it may be useful to disable this option.
Either way, an anti-virus app is also a good idea. For example, Norton checks every app to install. Although viruses & Co. are not really a problem on smartphones (yet!), Anti-malware solutions are plentiful and free and at best you will not get anything out of them. They just run in the background and protect. it’s usefull for How to find fake apps, detect and identify to remove it question.
Allowing installations from outside sources can be checked in the smartphone settings. You can then install apps offered by any website, beyond the Google Play security mechanisms. And if you consider yourself a smartphone/computer layman – leave it! The advantage: You can also use alternative app stores such as F-Droid. F-Droid is a pure open-source market, so all apps are also in the source code. In addition, you will find only advertising and spy-free apps (even regular non-fake apps from Google Play spy sometimes …).
Fake apps are unlikely to be a problem here. And for two good reasons: First, F-Droid compared to Google Play is far too small to be really interesting for malware developers. On the other hand, here are just a few of the big, well-known apps – so there’s nothing to fake. Well, after all, Telegram and Firefox are also available through F-Droid. In general, you can actually install F-Droid to your heart’s content without having to worry about malware, espionage, advertising or even fake apps.
Fossdroid.com is a nice interface for the F-Droid store – and offers only open source apps.
If you realize after installing and granting any rights that you have not installed Facebook but Fakebook, it can be tricky. First of all, you should of course uninstall the app. It’s best to take a few screenshots of the wrong software before – you never know what it’s good for. Depending on the app and granted rights and extent of your concerns, but also a reset of the device to factory settings may be appropriate. After all, it’s hard to judge what a malware did.
Also changing the most important login information (smartphone pin, google account, logins stored in browsers) is not a bad idea. All in all, a lot of time goes into such a case – and therefore the tip: Pay attention already during the installation on correct logos, correct names, evaluations, download numbers and plausible rights!