The new app for an upmarket British department store certainly looks the part. Released on Google Play, a shop for Android software, on September 5, it has the right logo, the correct vibrant color and the usual offers of fashionable clothes and accessories. The app is not authorized by the brand, however. It’s littered with pop-up ads and is painfully slow—furious users gave it one-star ratings. Its developer, Style Apps, also has launched apps for other clothing brands that are household names in America.
Such fake apps are designed by crafty developers to trick inattentive users. Apple and Google police their app stores, but many impostors get through. In third-party app stores, unofficial platforms run by someone other than the two tech giants, the problem is even worse.
Users are tricked in two ways. Some apps fill a gap in the market. Selfridges, a chain of British fashion stores, for instance, has a legitimate app for Apple devices but not for Android ones. Radio Shack, the American electronics retailer that filed for bankruptcy in February 2015, has a website but not an official app. Three imitation apps have sprouted under the company’s name.
Other developers simply copy an existing app and hope that users will fail to notice. A search by The Economist found that half of the 50 top-selling apps in Google Play had fakes. These included ones with tweaked names—“MyGoogleTranslate,” for example, rather than “Google Translate”—and a bogus Netflix app that uses a weird, Halloween-themed font for the logo. Google says that it is reviewing these apps and will take action where necessary.
Fake apps often are stuffed with malicious code. Academics from a research group, Serval, at the University of Luxembourg estimate that around a fifth of all Android app-based malware is hidden in fake apps. The malware facilitates various money-making schemes. The most egregious are designed to steal the passwords that unlock users’ bank accounts.
It is more common, though, for scams to profit from ordinary advertising, particularly on Android devices, said Eliran Sapir of Apptopia, a tech company. Ads in the smartphone’s web browser are quietly replaced by similar ones chosen by the fake-app developer.
Another money-spinner is to mine cryptocurrencies. In 2014 analysts at Trend Micro, a cybersecurity firm, discovered that copies of Football Manager Handheld, a smartphone game, and Tune In Radio, an audio app, contained malicious software that mined cryptocurrencies, the proceeds of which probably were funneled to the developers. This still goes on. It does not harm users directly, but researchers warn that such “vampire” apps drain phone batteries.
The pickings are richest in retail, however, and especially in the autumn, when fake-app developers are gearing up for spending binges during sales around Thanksgiving and Christmas, according to Chris Mason of Branding Brand, a tech company.
© 2017 Economist Newspaper Ltd., London (October 14). All rights reserved. Reprinted with permission.