Billions of smartphone users enjoy the convenience and entertainment that today’s mobile technology offers. The increasing options for different apps, software and technologies make our phones important tools in navigating the modern world. But as the number of smartphone users continues to climb, so is the prevalence of cybercriminals targeting mobile phones—particularly in the form of fake apps.


Fake apps are created by cybercriminals and contain malicious code designed to steal your data. The look and function of fake apps are structured to mimic a legitimate app in order to trick users into downloading them. When you install a third-party app, it requests permission to access your data. Fake apps exploit this to gain access to your personal information, often without your knowledge.

The creation of fake apps has become a new threat plaguing consumers everywhere, with cybercriminals increasingly honing in on mobile platforms as their preferred target of attack.

To understand the dangers of fake apps and how to better protect your mobile data security, read on.

What Are Fake Apps?

Once a fake app is downloaded to your phone, it can do a lot of harm. Fake apps might aggressively display advertisements as a way to rake in ad revenue, install malware on your device or steal your account credentials to be used elsewhere online without your permission.

Regardless of how a cybercriminal uses a fake app to exploit you, the result always involves damage to your data privacy. Alarmingly, there are thousands of fake apps available across different app stores—FraudWatch International found that the number of malicious apps doubled in the first quarter of 2020 alone.


How Do Fake Apps Work?

The process of creating and distributing fake apps is unfortunately easy to carry out—a cybercriminal can simply register themselves as a developer on any app store, download a legitimate application and rewrite it to include malicious code. From there, they simply upload their fake app to the app store.

Types of Fake Apps

There are a variety of categories that fake apps fall into depending on the malicious intent a cybercriminal has when creating them. Malware is any code that puts a user, a user’s data or a user’s device at risk. The type of malware injected into a fake app can vary by function and capability, and it may fall into any of the following categories.



Backdoor apps are those that allow a hacker to gain remote access to a device and execute unwanted, and often harmful, remote-controlled operations, such as deleting or installing other apps on a device without the user’s consent.

Billing fraud

Billing fraud involves apps that automatically charge purchases to a user’s phone bill without the user’s content. This may include sending premium SMS messages, making collect phone calls or making purchases in an app store.

Commercial spyware

Commercial spyware apps send personal data from a user’s device to third parties without the user’s knowledge or consent. These types of apps might read your text messages or listen in on phone calls.

Denial of service (DoS)

DoS apps contain code designed to place your phone in a DoS attack, which involves sending a high volume of requests to a remote server in order to overload it and shut it down.

Hostile downloaders

Hostile downloaders don’t contain malicious code themselves, but they initiate the download of other harmful applications onto a device without the user’s consent.

Non-Android threat

Non-Android apps contain malicious code that can’t cause harm to an Android device, but can affect other devices.


Phishing apps often appear to be from a trusted source and request a user’s authentication credentials or billing information, which is then sent to third parties. These apps often target bank information, credit card numbers, online account information and login credentials.

Privilege escalation

Privilege escalation apps are designed to bypass the number of privileges allowed on a user’s device, resulting in access to elevated privileges or the disabling of core security functions.


Ransomware apps take partial or extensive control of a device through encrypting a user’s data, then demands users make a payment or perform a certain (often transactional) action in order to have their data decrypted. Common instances of this include locking a user out of their device and demanding money before they can regain access.


Rooting apps contain code that roots the device, commonly known as jailbreaking. Not all rooting apps are harmful, and many legitimate apps perform rooting—but legitimate apps always require user consent and they don’t execute harmful actions against the user’s device.


Spam apps contain code designed to send unsolicited messages to a user’s contacts or involve the device in an email spam campaign.


Spyware apps send personal data to third parties without a user’s consent. Exploited data may include text messages, call logs, contact lists, email records, photos, browser history or data from other apps on the user’s device.


Trojan apps are those that seem benign, such as a simple game, but secretly perform undesirable actions in the background. They include a harmless component that allows the app to function as intended (such as playing a game) as well as a hidden harmful component, such as sending premium SMS messages from the user’s device without the user’s knowledge.

How to Spot Fake Apps

The average smartphone user had 40 apps installed on their phone in 2020, and 36.5 billion apps were downloaded globally in the third quarter of 2020 alone. Given the increasing advancement of the world of mobile technology, it’s safe to assume cybercriminals will continue to target this market as thousands of new mobile apps and technologies are made every day.

The best defense consumers have against falling victim to a fake app download—and the resulting vulnerability of their data—is simply knowing what to look for. Understanding how to vet an app before downloading it is key. By paying attention to a few critical factors before you hit download, you can better protect yourself from a malicious app making its way onto your device.

Read the Reviews

Reading an app’s reviews is a great way to discover any potential issues other users have already reported. If you notice multiple negative comments or complaints, tread with caution before downloading the app onto your device.


Take care to take a closer look at the positive reviews as well. Cybercriminals know that ratings and reviews play a big part in how many downloads an app may get, and may generate fake reviews to lure victims. Take any positive reviews with a dose of skepticism.

Check the Developer

Always take a little extra time to do some research on the developer of any app you’re thinking about downloading. A quick Google search can let you in on a developer’s reputation and whether or not they’re a trusted source.


Fake app developers are also known for giving apps the same name as their genuine counterparts, sometimes changing a letter or two in the hopes of it going unnoticed. Read each letter carefully and look out for any misspellings, which could tip you off to a potential fake app.

Check the Release Date and Update Frequency

Take note of the date listed for when an app was released. If you come across a recently published app with a high number of downloads, it’s a strong sign of a fake app. Most apps that have gained popularity and a high number of downloads have been on the market for a while.

Pay Attention to Permissions

If you’ve worked through the steps above and you do decide to download an app, make sure you read the permissions agreement provided before you proceed. Fake apps tend to ask for extra authorizations they don’t actually need, but this often goes unnoticed as most people don’t take the time to read the fine print. Always verify whatever authorizations an app is requesting to perform on your device before allowing full access.

How to Protect Yourself from Fake Apps

In today’s tech-driven world, consumers continue to search for new ways to streamline their digital lives across all devices. The rapid expansion of mobile technology is hard to ignore—consumers collectively downloaded 218 billion mobile apps in 2020, and mobile app revenues are expected to surpass $935 billion by 2023.

That said, there are a few ways consumers can protect themselves from the threat of fake apps and other mobile malware. For one, make sure you have two-factor authentication enabled on your mobile device. This creates an extra layer of protection of your data, and is especially important if you have banking apps or other sensitive data stored in your applications.

Another important and very simple step is to stay on top of your software updates. Regular updates can strengthen your smartphone security and reduce your vulnerability to an attack. Make sure you only authorize updates directly from your phone settings—never from a suspicious website, social media platform or even an app itself promising to update your system.


It can be difficult to stay on top of every app update, which is why real-time monitoring of all your apps is the best way to stay protected from a malicious update. Because this is difficult to maintain manually, one of the best forms of protection consumers can take advantage of is a mobile antivirus software—real-time virus monitoring makes it simple to stay on top of every mobile threat with more accuracy and ease.

The rapid evolution of mobile technology isn’t slowing down any time soon, and consumers will need to be more vigilant about keeping mobile threats at bay. As mobile devices grow in capacity and usage, they present an increasingly rich and desirable target for cybercriminals.

Make sure you’re doing what you can to protect all of your devices and stay informed of the latest cybersecurity trends and best practices as a consumer.