For years, reports citing malicious Android apps have been in the headlines. Apps have been known to deliver malware to devices, mine sensitive data and bombard users with ads without their consent. So how do you spot them?
Review the search results
Search results can be the first indication that fake apps are available. If you search WhatsApp, for example, and a few identical listings appear, chances are some of them are fake. Fake apps will almost always use the icon from the app they’re trying to mimic, so proceed with caution. If the icons are the same, look at the names to try and spot an inconsistency.
Check the app name and developer information
Investigate the app name and the developer. The fake SwiftKey app that appeared on Google Play in 2018 was called “Swift Keyboard”— which users mistook for the real application. But the developer name was “Designer Superman”—a clear indicator that the app wasn’t legitimate as SwiftKey is developed by a company called...you guessed it, SwiftKey!
If the developer name isn’t an immediate indicator because that too looks legitimate, you should also check their other apps. You can do this by clicking on the developer name on the Play Store listing; on your phone, just scroll down close to the bottom of the app listing to see more apps from that developer. Fake developers may have a random medley of apps that don’t correspond to one another.
Check the download count
If you’re downloading a popular app, always take a quick look at the download number. Let’s say you’re installing the Instagram app and it only has 5,000 downloads. Chances are, it’s probably fake!
Most apps don’t live long enough in the Play Store to get tonnes of downloads, so the download summary can be an easy way to spot a fraud. If the app is more niche, however, the number of downloads will naturally be lower. So it’s important to factor in the other tips in this article.
Read the description and check out the app images
If the branding looks spot on, reading the description may still highlight some concerns. If the wording seems bot-like or is written in broken English, it could suggest the app is fake.
Legitimate developers will provide a well-written, concise description as to what their apps do. The same applies to the images. While the description and images could have been stolen from the legitimate Play Store listing, you’ll find giveaways elsewhere.
In the SwiftKey example, the description contained the phrase “Typing like flying Swift”. The phrase makes little to no sense and wasn’t contained in the official app listing.
Lastly, read the app reviews. Fake apps will likely have fake reviews, but there may also be legitimate reviews from users who realized the app was fake after installing it. Read the negative reviews (you can sort reviews by the number of stars given) and see what the issues and complaints are.
Make sure Google Play Protect is enabled
Google is attempting to address fake apps with Google Play Protect—a security system to verify apps in the Play Store. It scans apps automatically, but you can also prompt scans from the Google Play Store. It's important to ensure you have Play Protect turned on so that new apps are scanned and verified.
Found a fake Google Play Store app? Report it
If you spot a fake app, report it to Google. Simply scroll to the bottom of the page and click or tap on “Flag as Inappropriate.”
If you’re doing this on a web browser you’ll be redirected to a Google Play help page where you’ll need to click on the “report inappropriate developer reply form” link, and complete the details accordingly. On a mobile, after you click on Flag as Inappropriate, select “Copycat or Impersonation”.