Malicious apps, or 'malware', are often disguised as safe, popular applications. To fool you into downloading them, malware developers often use professional-looking branding (sometimes copied from famous companies) and falsely inflate their applications' ratings with fake reviews (known as "astroturfing").
Once installed, they can wreak havoc on your device.
Be app wise
While it's very risky to download apps from unofficial app sites, malware can also be found on official app stores – despite the extensive efforts of store owners like Google and Apple to keep such apps off their sites.
To help you shop safely for apps, follow these general tips:
- Protect your device: Install a trusted mobile security app which will help protect you from malware.
- Stay official: Download apps from the official app stores only (e.g. Google Play and Apple App Store). And if you get suspicious text messages that include links to app downloads, refrain from clicking the links.
- Trust your instinct: If an app looks suspicious, play it safe and don't install it.
- Report offenders: If you find suspicious apps, report them to the app store, which will investigate and take action against the developer if necessary.
And once you've found an app you want:
- Don't trust the numbers: Just because an app has thousands of downloads, it doesn't mean that each downloader was a legitimate user. Malware developers can use computer programs to download the same apps repeatedly using different user accounts – thereby inflating the figures. A sign of malware is an app that has large download numbers but very few reviews.
- Analyse the reviews: Look for duplicated phrases in user reviews. Since review fakers are writing high volumes of reviews, they can end up using the same, short phrases in their reviews (e.g. "nice", "great app", "best ever"). Also, look for similar patterns in writing style – such as the same word being misspelt in different reviews.
- Check out the reviewers: Click on the reviewers' names to see all the reviews they've written. If they consistently give very high ratings, they might be review fakers.
- Get trusted advice: If there's an app you want and someone you trust has already installed it, ask them about its safety.
- Investigate the developer: Critically review the other apps that the developer has put onto the app store – looking for some of the suspicious signs already discussed. Also, take note of the developer's name and search the internet for negative stories about the person / company.
- Read the fine print: Apps require certain permissions to access your device's information or hardware. For example, a GPS application needs your device's location information, and a photography app needs to use your camera. Malware might request intrusive, unnecessary permissions that don't make sense. For example, you should be suspicious if a calculator app wants permission to directly call phone numbers and send SMSs. So, before you install an app, always check the permissions it requires.
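Three of the checks above (download numbers versus reviews, duplicated review phrases, and permissions that don't fit the app's purpose) can be expressed as simple rules. The Python script below is an added example, not part of the original page. The thresholds, the layout of the listing data and the table of expected permissions are assumptions, and the sample listing is constructed.

```python
from collections import Counter

# Assumed thresholds and permission expectations; adjust them for your own data.
MIN_DOWNLOADS = 10_000       # what counts as "large download numbers"
MIN_REVIEW_RATE = 0.001      # under 1 review per 1,000 downloads is "very few"
SHORT_PHRASE_WORDS = 3       # e.g. "nice", "great app", "best ever"
EXPECTED_PERMISSIONS = {     # Android permissions each kind of app plausibly needs
    "calculator": set(),
    "navigation": {"ACCESS_FINE_LOCATION"},
    "photography": {"CAMERA"},
}

def normalise(text):
    """Lower-case and strip punctuation so 'Great app!' matches 'great app'."""
    kept = "".join(c for c in text.lower() if c.isalnum() or c.isspace())
    return " ".join(kept.split())

def repeated_short_phrases(reviews):
    """Return short review texts that appear more than once."""
    counts = Counter(normalise(r) for r in reviews)
    return sorted(p for p, n in counts.items()
                  if n > 1 and 0 < len(p.split()) <= SHORT_PHRASE_WORDS)

def unexpected_permissions(category, permissions):
    """Return permissions that do not fit the purpose; unknown categories are skipped."""
    expected = EXPECTED_PERMISSIONS.get(category)
    return [] if expected is None else sorted(set(permissions) - expected)

def listing_warnings(listing):
    """Collect the warning signs from the checklist for one store listing."""
    warnings, reviews = [], listing["reviews"]
    if (listing["downloads"] >= MIN_DOWNLOADS
            and len(reviews) < listing["downloads"] * MIN_REVIEW_RATE):
        warnings.append("many downloads, very few reviews")
    if repeated_short_phrases(reviews):
        warnings.append("duplicated short review phrases")
    if unexpected_permissions(listing["category"], listing["permissions"]):
        warnings.append("permissions do not match purpose")
    return warnings

# Constructed sample listing (not a real app).
SAMPLE = {
    "category": "calculator",
    "downloads": 50_000,
    "reviews": ["Great app!", "great app", "nice", "Nice.", "Works well for homework"],
    "permissions": ["CALL_PHONE", "SEND_SMS"],
}

if __name__ == "__main__":
    for warning in listing_warnings(SAMPLE):
        print("WARNING:", warning)
```

A listing that raises no warnings is not proven safe; the rules only flag the signs described in the tips above.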