University of Sydney researchers analysed over one million Google Play apps and found over 2,000 counterfeit apps.
The dangerous apps were hiding in plain sight in the online store, tricking users by mimicking popular alternatives. The study used artificial intelligence to identify likely counterfeits, before testing them for malware and other vulnerabilities.
Many of the fake apps impersonated highly popular apps and contained malware, with popular games such as Temple Run, Free Flow and Hill Climb Racing being the most commonly counterfeited. The study also found that several counterfeit apps request dangerous data access permissions despite not containing any known malware.
Counterfeit or ‘fake’ apps are often used by hackers to steal user data or infect a device with malware. Installing counterfeit apps can lead to a hacker accessing personal data and can have serious consequences such as financial losses or identity theft.
“In an open app ecosystem like Google Play the barrier to entry is low so it’s relatively easy for fake apps to infiltrate the market, leaving users at risk of being hacked,” said School of Computer Science academic and cybersecurity expert Dr. Suranga Seneviratne.
The Google Play Store is the largest of its kind, hosting over 2.6 million applications, many of which have been developed by third parties.
The tips to avoid being hacked by counterfeit apps are known. If you want to try out a new app, find out which platforms and countries it has officially been released in. Counterfeiters may target countries or platforms where some popular apps are yet to be released.
One common trap that you might fall into is downloading an app on Google Play that has only been released on the Apple Store. Always check to see if an app has been released on both platforms before downloading.
You should also read the app description carefully and check the available metadata, such as the developer information, number of downloads, release date, and user reviews before any installation. For example, a Facebook app with only 100,000 downloads would be an immediate red flag as the authentic Facebook app would instead have billions of downloads.
And as always, do not install apps from non-official app stores or just by searching online. Updating your OS regularly and removing any apps you no longer use is also important.