The Google Play Store has at least 2,040 counterfeit apps, according to a two-year cybersecurity study by the University of Sydney and Data61-CSIRO. After studying over one million of Google Play’s 2.6 million apps, the researchers found that several fake apps were duplicates of games such as Temple Run, Free Flow, and Hill Climb Racing. Many of them contained malware, while others requested dangerous data access permissions. They could be used by hackers to steal people’s personal data, and installing them could have serious consequences such as financial losses or identity theft, the report said. “In an open app ecosystem like Google Play the barrier to entry is low so it’s relatively easy for fake apps to infiltrate the market, leaving users at risk of being hacked,” said Suranga Seneviratne, a cybersecurity expert and academic at the university’s school of computer science.
How to avoid being hacked by fake apps
The study advised users to perform the following checks before downloading apps to avoid being hacked:
- Do the homework: Check which platforms and countries a new app has been officially released for, as hackers may target countries or platforms where some popular apps are yet to be released.
- Be mindful of cross-market counterfeits: Check if an app has been released on both Android and iOS as hackers sometimes release fake versions of popular apps that are only available on one of the platforms.
- Read the app description: Read the app description and check the available metadata, such as the developer information, number of downloads, release date and user reviews before any installation.
- Stick to official app stores: Don’t install apps from non-official app stores or by searching online.
- Carefully check the permissions requested
- Regularly update the operating system and remove unused apps
Google’s problems with fake apps
In February, Google removed about 57 fake apps from the Play Store after security firm Quick Heal said that the apps did not have any legitimate functionality related to their names. According to the report, apps such as Credit Card Process and Home Loan Advisor appeared genuine on the basis of their descriptions but did not function after they were downloaded and opened. The security company claimed that the apps were mainly developed to earn money by showing ads.
The previous month, malware researcher Lukas Stefanko had spotted 15 GPS-based apps in the Google Play store which were duping Android users and earning money from them. According to a report, some apps including GPS Route Finder, GPS Live Street Maps and Maps GPS Navigation did not provide any service of their own to the users but used Google Maps or its API to display ads. Some of the apps also sought permission to access users’ contacts, messages and call logs.
In its latest Android security and privacy report in March, Google said that 0.45% of all Android devices running Google Play Protect had installed potentially harmful apps (PHAs) in 2018, compared to 0.56% in 2017.