Fake retail apps have plagued the Google Play Store and Apple App Store for years, making it harder for consumers to know exactly which apps to trust. With Black Friday and Cyber Monday approaching, many consumers may be searching for new retail apps and deals for their holiday shopping. Research from Salesforce showed that in the 2018 holiday season, 54 percent of orders were placed on smartphones. With a six-fold increase in fake mobile apps in just six months, retail brands need to be more vigilant of fraudsters than ever.
Fake retail apps are especially risky because they can capture sensitive personally identifiable information (PII) from shoppers, including names, credit card numbers, addresses, and more. What’s worse, once hackers have access to a user’s mobile phone via a fake app, they can steal photos, passwords, location data, and more. Many of these fraudulent apps look a lot like their legitimate counterparts, which may make them difficult to spot to the untrained eye. App developers and publishers should be aware of the proliferation of fake apps to protect both their brands and their customers.
In advance of Black Friday and Cyber Monday, here are three tips to spot fake retail apps:
App copycats are becoming more sophisticated, with fraudulent app installs spiking from 16.6 percent in January 2019 to 22.6 percent in June 2019. While hackers are getting more clever in deceiving users, anomalies can help identify fakes. For example:
Specialty retail apps that promise discounts or use the name “Black Friday” directly in their title may be fake.
For example, the top five leading eCommerce brands had a total of 6,600 blacklisted apps that contained their branded terms, and the top 10 most trafficked brands averaged 17 blacklisted apps containing the term “Black Friday” in their title or description. In other words, hackers know how to target shoppers looking for a deal, and will do anything to get to their wallets.
Even though some fake apps are distributed through third-party app stores or social engineering attacks, the Google Play Store and Apple App Store still house their fair share of copycats. Some malware trojans that steal data within mobile banking or payment apps make their way onto users’ phones through seemingly legitimate flashlight or gaming apps on the major marketplaces. From there, the virus can, for example, infect apps that process sensitive payment data and steal this information.
Some apps may infect devices via adware. For example, both the Apple App Store and the Android Play Store recently removed over 50 malicious apps from their marketplaces that were distributing adware to millions of users. The apps, according to researchers, were downloaded more than eight million times before being removed. Malware-ridden apps may bypass app stores’ security standards by masking suspicious activity through geofencing and other tactics.
Protecting your customers starts with providing them with legitimate mobile applications distributed via official app stores, as many of them will be seeking them out during busy retail seasons. Official applications reduce the risk of fake apps being downloaded. Developers should also regularly check app stores for fake apps, and report any abuses to Google or Apple.
Finally, developers should provide an additional layer of protection for Android and iOS applications through code hardening and runtime applications self-protection (RASP) to effectively protect mobile applications against cloning and tampering. App protection prevents hackers from tampering with applications (including adding malicious functionality and more), repackaging them, and distributing them. This added security can protect consumers from fraud, and preserve the brand’s reputation.