How to identify and avoid fake apps (2024 guide)


With smartphones, you have access to apps, like a VPN download, that do amazing things at the touch of a button. However, there are also bad apples: fake apps that trick you into parting with your money. In some cases, they might steal your information or install malware on your device.

What is a fake app?

Fake apps are designed to look and function like the legitimate apps you’re familiar with. However, they will carry out malicious activities, such as monitoring your device activity, displaying unsolicited ads, tracking you, or installing malware on your phone.

Where do fake apps appear?

There are several ways fake apps will work their way to you. Believe it or not, fake apps typically appear in official app stores! They can also work their way through phishing scams and fake app stores.

In official app stores

While app stores should review all apps and developers, thousands of fake apps sneak their way in each year. Here’s how fake mobile apps end up in official app stores.

  1. Attackers register themselves as a developer on any app store.
  2. They’ll download the legitimate app and get its code.
  3. They’ll rewrite the code by including malicious code to make the fake app.
  4. The fake app gets uploaded to app stores.

In phishing attacks

Another way fake apps can get to you is through phishing scams. Attackers can pose as a legitimate service you’re using in an email or SMS. They’ll trick you into downloading an app, which will steal your personal information or spread malware on your devices.

How to identify fake apps

We live in an era of counterfeits; they exist in almost every industry sector. Outsmarting them comes down to whether you can tell the fake from the real thing. For fake apps, we’ve collated a list of clues you can use to spot them.

1. Check the download count

Popular apps can easily have thousands of downloads, if not millions. If you see a popular app with a surprisingly low download count, it’s an obvious red flag.

2. Check the app icon

Fake apps will also display an app icon that looks similar to a real one, usually by employing the same color and shape. It plays on our familiarity with these brands so we won’t question their legitimacy.

3. Take note of the release date

Most popular apps have already been on the market for a while. So if you see a popular app that was only recently released, it’s likely it’s a fake app. Don’t confuse the release date with the date of the last update, as that should be recent. Recently updated apps indicate that the developer is actively maintaining it, which is a good thing.

4. Read the reviews

It’s always wise to read the app’s reviews before downloading it. Here’s how reviews can give away whether an app is fake or not.

  • If an app is fake, users usually complain about it in the review section.
  • If the reviews sound too good to be true, the app is probably fake, too. Needless to say, those are fake reviews created by fake app creators.

5. Research the developer’s name

Every app has a developer, which is essentially the company that created the app. Fake apps can use a developer name that has a similar spelling to its original counterpart. When in doubt, research the developer’s name to find out more about them. Make sure you’re downloading the app from a real developer, as hackers can sometimes try to leverage the popularity of another company to trick users.

6. Look out for typos, grammar mistakes, and low-quality branding

Typos and grammatical mistakes should be uncommon with legitimate app developers, as they usually have a team of editors taking care of the copy before releasing their apps. If an app you’re trying to download has an obvious typo or grammar mistake in the app name or app description, it’s probably fake.

The same is true for low-quality branding and icons. Many fake apps don’t invest in real-looking brands or assets, so low-quality images can also indicate that an app is fake.

7. Review the app permissions

Granted, terms of service agreements are boring to read! But when you’re in doubt about the legitimacy of an app, be mindful of the permissions you’re asked to give. Fake apps often make strange and unrelated permission requests. For example, a photo editing app asking for your contact list is definitely a red flag.

8. Check the file size

How much storage an app uses on your phone can tell you a lot about what’s potentially going on. Unusually large or small sizes could be indicative that something’s wrong. For example, if an app is too large, it could be hiding some malicious payload, or if it’s too small, it could indicate that it’s incomplete or missing some important functionality.

9. Unnecessary personal information requests

Since most scam apps want to harvest as much data as possible, an important clue is determining whether the app is trying to get information that it doesn’t need to perform its intended task. If you download an app and it asks for access to parts of your device that don’t seem relevant, it’s a red flag.

10. Forced or more expensive subscriptions

Hackers know which apps are more popular, so they try to use that interest to charge people more. Be suspicious of apps that ask you to pay for features you don’t need or that should be free.

11. Too many ads

While arguably some legitimate apps already have excessive ads, fake apps usually take it to the extreme so they maximize their revenue. If an app has so many ads that it becomes borderline unusable, chances are it’s fake, especially if they try to force you into subscribing for a high price (see previous point).

12. Unrealistic service

Fake apps often try to lure customers with promises that seem impossible to fulfill. Examples of these could be offerings of a well-known service for a lower price.

A good example of this is ChatGPT apps; a good number of apps that say they let you access the latest GPT for free are fraudulent. That said, Microsoft Copilot is legitimate, so it’s important you exercise caution but also understand there are lots of great apps out there that provide real value.
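Several of the clues above (download count, release date, developer name, and permissions) can be checked together against a store listing. The following is an added example, not part of the original guide; the app and developer names, the thresholds, and the per-category permission baseline are all constructed assumptions.

```python
from datetime import date
from difflib import SequenceMatcher

# Constructed reference data (assumptions, not real apps): the genuine
# listing's developer, and the permissions a category plausibly needs.
KNOWN_APPS = {"PhotoFix Editor": "PhotoFix Labs Inc."}
EXPECTED_PERMS = {"photo_editor": {"CAMERA", "READ_MEDIA_IMAGES"}}

def similar(a, b):
    """Case-insensitive similarity ratio between two names (0.0 to 1.0)."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def red_flags(listing, today, min_downloads=10_000, min_age_days=90):
    """Return the checklist red flags raised by one store listing."""
    flags = []
    for name, developer in KNOWN_APPS.items():
        # Only listings that imitate a popular app are held to its standard.
        if similar(listing["name"], name) < 0.8:
            continue
        if listing["developer"] != developer:  # clue 5: developer name
            flags.append(f"looks like '{name}' but developer differs")
        if listing["downloads"] < min_downloads:  # clue 1: download count
            flags.append("low download count for a popular app")
        if (today - listing["released"]).days < min_age_days:  # clue 3
            flags.append("recent release date for a popular app")
    # Clues 7 and 9: permissions unrelated to the app's stated purpose.
    baseline = EXPECTED_PERMS.get(listing["category"])
    if baseline is not None:
        extra = sorted(set(listing["permissions"]) - baseline)
        if extra:
            flags.append("unrelated permissions: " + ", ".join(extra))
    return flags

# Constructed sample listings: the genuine app and a lookalike.
TODAY = date(2024, 4, 15)
GENUINE = {"name": "PhotoFix Editor", "developer": "PhotoFix Labs Inc.",
           "downloads": 5_000_000, "released": date(2019, 5, 1),
           "category": "photo_editor",
           "permissions": ["CAMERA", "READ_MEDIA_IMAGES"]}
FAKE = {"name": "PhotoFix Editer", "developer": "PhotoFix Labz",
        "downloads": 800, "released": date(2024, 3, 20),
        "category": "photo_editor",
        "permissions": ["CAMERA", "READ_CONTACTS", "SEND_SMS"]}

if __name__ == "__main__":
    for app in (GENUINE, FAKE):
        print(app["name"], "->", red_flags(app, TODAY) or "no red flags")
```

A single flag is only a prompt to look closer; as the guide notes, it is the combination of clues that gives a fake away.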

What to do if you have a fake app on your phone

If you suspect you have a fake app on your phone, follow these steps to remove it:

  1. Delete the app to stop it from causing more damage to your phone.
  2. Restart your phone. If you want to be safer, factory reset your phone, as this can remove any malicious program on your device. However, this will also wipe everything else on your phone.
  3. If you’re on Android, run a full scan with an antivirus app.
  4. Report the fake app (to your app store and the business it’s trying to exploit).

How to report fake apps

If you identify a scam app or fake app, report it to the app store carrying it and spare no details in your review to help others stay clear of these fraudulent apps.

On iOS, you can report an app by visiting reportaproblem.apple.com, signing in with your Apple ID, then reporting the item or app in question.

For Android, you can do it in one of two ways:

  • On Google Play Store, first search for the app’s listing > tap on the three-dot ⋮ menu in the top-right section > tap “Flag As Inappropriate” > select the category for “Harmful to Device or Data” > click Submit.
  • On the Google Play Store Website, search for the Report Inappropriate Apps form and fill in the relevant details.

Types of fake apps

Not only do fake apps appear in different places, but they can also take on different forms. Generally speaking, fake apps can fall under two categories.

The counterfeit

These fake apps look similar to a real one. This means they have a similar logo and an app description that’s stuffed with keywords that appeal to users looking to download the real app.

The repackage

Repackaging is a technique used by attackers to generate a fake version of a legitimate app. This can be done by modifying the source code of the real app, sometimes given out by the legitimate app developer for public access. The attacker will add ads to the code and release it on app stores as a legitimate one.

Fleeceware apps

These types of scam apps charge high fees while offering little or no functionality. One example detailed by the Washington Post is a paid QR code reader app, which is unnecessary since all smartphones are able to scan QR codes. This particular app had made 879,000 USD off App Store customers. Fleeceware apps may promise a free trial for a set duration but charge you ahead of the end date or fold in hidden ongoing fees without an easy way to unsubscribe.

Scareware apps

In some cases, ads scare users by showing them false messages about viruses detected, with links to the scam app that users think they need to fix the problem. In many cases, scareware points users to fake VPN apps. Another scare tactic is a free app showing the user invented messages about viruses or vulnerabilities that they can cure by upgrading to a paid version of the app.

Why are fake apps dangerous?

Fake apps are dangerous because they are usually created by cybercriminals to harm users and their devices. They are designed to resemble legitimate apps but instead carry out malicious activities.

  • They might invade your privacy: Once you grant permission to these fake apps, they can attempt to access your device, whether it’s your location, camera, or microphone.
  • They might infect your phone with malware: Fake apps can infect your phone with different types of malware, such as adware, spyware, and ransomware.
  • They might try to scam you: A fake app’s purpose could be to sell you goods and services that don’t exist, or invest in crypto that’s also nonexistent. Or it could be a phishing tool to try to get you to divulge personal information like passwords.

Threats that a fake app could bring

Once they’re on your device, fake apps can make your life more difficult in a number of ways. These range from annoyances such as more spam to various forms of fraud, and even extortion via ransomware. Here are 11 reasons to keep fake apps out of your life:

  • Ad bots: Fake apps often display a lot of unwanted ads while you’re using them as a way to rake in ad revenue.
  • Billing fraud: Fraudulent apps can make random charges against your credit card without your consent.
  • Botnet: The app will secretly use your phone as part of a spam campaign or DDoS (distributed denial of service) attack. Learn more about what botnets are and how to protect against them.
  • Hostile content: Fake apps can display inappropriate content, like hate speech and extremism.
  • Hostile downloaders: The fake app itself perhaps doesn’t do much harm, but it will start downloading apps that will.
  • Phishing: A fake app can trick you into entering your login credentials. The attacker will then intercept your information on the other end for malicious uses. Here are ways to prevent phishing attacks.
  • Ransomware: Bogus apps can infect your phone with ransomware. Typically, it can lock up your phone until you pay a ransom to get it unlocked. Learn more about what ransomware is and how to prevent it.
  • Rooting: Rooting is an act of gaining administrative access to a phone’s operating system. It’s not a bad thing, as a lot of people root their phones for greater customizations. But rooting malware can gain access to your phone and do harm to it through fake apps. Another thing to notice is that you’ll likely find rooting malware in apps that have nothing to do with rooting.
  • Spam: In this example, fake apps will send out unsolicited messages and malicious spam to your phone contacts.
  • Spyware: Spyware can sneak its way to your phone through fake apps. It’ll secretly gather information about you and relay this information to other parties. Learn more about what spyware is and how to remove it.
  • Trojan: Trojan malware can hide in fake apps and will be installed after you download the fake app. (Read more: The uncrackable Android trojan: What is xHelper?)

Most common categories that get faked

Fake game apps

Gaming apps are among the biggest targets for hackers who make scam apps. This is partly due to the popularity of online gaming and MMOs (massively multiplayer online games). Another thing that makes games such a big target is the current freemium model that most games adopt. Hackers can easily trick users into spending real money in the form of microtransactions that add up quickly.

Another way in which hackers target games is by making almost exact copies of the most popular games. They would create a similar game, usually with fewer features, fill it up with ads, and use a similar name and icon to the original one.

Fake banking apps

Another attractive target for fake apps is banks, and it’s easy to see why. Banking apps handle some of the most private pieces of information we use online, so if hackers could get a hold of your banking information, they could easily impersonate you to steal money from you.

Fake dating apps

So you download a dating app and an attractive single starts sending you messages. You’re eager to respond—but the app tells you to upgrade to a paid version in order to continue the conversation. Yes, it’s all a scam.

Fake crypto apps

In March of this year, ExpressVPN helped to analyze apps purporting to be crypto wallets. These apps were particularly malicious, as they weren’t scamming users out of app fees but actually getting them to enter their crypto private keys, which unlock their crypto accounts, into the app.

How and why do fake apps end up in official app stores?

There are many reasons why hackers create these fake apps, but they all can be boiled down to either data collection or outright scams. 

The idea behind data-collecting fake apps is that you use them as much as possible so that the information the app collects about you can then be used to build a profile of who you are, where you live and work, which websites you visit, etc. This is then sent to data brokers who sell it to advertising companies that serve you extremely targeted ads.

Scam apps, on the other hand, use a different tactic. The most common one is to make an app similar to one that’s already popular and then charge a high price for microtransactions or a subscription.

As to why these apps end up on the official app stores, it comes down to sheer numbers. Google and Apple review all apps submitted to their app stores, but there are thousands of apps submitted per month. Some slip through. 

Will anything change with the new EU rules for iOS?

With the introduction of alternative app stores (AltStores) on iOS due to the European Union’s Digital Markets Act (DMA), there will indeed be potential changes in how apps, including fake apps and emulators, are distributed and managed.

As more stores become available, the risk of encountering fake or malicious apps could also increase. Third-party app stores might not have the same stringent app review processes as Apple’s App Store, potentially allowing more fake apps to slip through. Also, apps from less regulated stores might not adhere to strict privacy policies, potentially exposing users to greater privacy risks.

There are also less stringent guidelines for the normal App Store now, which could lead to fake apps as well. One such example is allowing emulators. iGBA was approved on the App Store, but Apple found that it was a knockoff version of the popular GBA4iOS emulator with lots of ads on top, so it was quickly removed.

If you choose to use apps from any AltStore, on either iOS or Android, make sure to exercise caution and follow our tips to stay safe.
