How to spot and avoid fake apps (2022 guide)

App icons with dollar signs.

With smartphones, you can download apps that do amazing things at the touch of a button—and often for free. However, there are also bad apples: fake apps that trick you into parting with your money. In some cases, they might steal your information or install malware on your device.

[Stay up to date on the latest privacy news and tips. Sign up for the ExpressVPN blog newsletter.]

Jump to…

What is a fake app?
How to spot fake apps
What to do if you have a fake app on your phone
Types of fake apps
Why are fake apps dangerous?
Threats that a fake app could bring
How to protect yourself against fake apps
Examples of fake apps
FAQ: About fake apps

What is a fake app?

Fake apps are designed to look and function like the legitimate apps you’re familiar with. However, they will carry out malicious activities, such as monitoring your device activity, displaying unsolicited ads, or installing malware on your phone.

Where do fake apps appear?

There are several ways fake apps will work their way to you. Believe it or not, fake apps typically appear in official app stores! They can also work their way through in phishing scams and fake app stores.

In official app stores

While app stores should review all apps and developers, thousands of fake apps sneak their way in each year. Here’s how fake mobile apps end up in official app stores.

  1. Attackers register themselves as a developer on any app store.
  2. They’ll download the legitimate app and get its code.
  3. They’ll rewrite the code by including malicious code to make the fake app.
  4. The fake app gets uploaded to app stores.

In phishing attacks

Another way fake apps can get to you is through phishing scams. Attackers can pose as a legitimate service you’re using in an email or SMS. They’ll trick you into downloading an app, which will steal your personal information or spread malware on your devices.

How to spot fake apps

We live in an era of counterfeits as they exist in almost every industry sector. To outsmart them, it lies with whether you can identify the fake from the real ones. As for fake apps, we’ve collated a list of clues you can use to spot them.

1. Check the download count

Popular apps can easily have thousands of downloads, if not millions. If you see a popular app with a surprisingly low download count, it’s an obvious red flag.

2. Check the app icon

Fake apps will also display an app icon that looks similar to a real one, usually by employing the same color and shape. It plays on our familiarity with these brands so we won’t question their legitimacy.

3. Take note of the release date

Most popular apps have already been on the market for a while. So if you see a popular app that was only recently released, it’s likely it’s a fake app.

4. Read the reviews

It’s always wise to read the app’s reviews before downloading it. Here’s how reviews can give away whether an app is fake or not.

  • If an app is fake, users usually complain about it in the review section.
  • If the reviews sound too good to be true, the app is probably fake, too. Needless to say, those are fake reviews created by fake app creators.

5. Research the developer’s name

Every app has a developer, which is essentially the company that created the app. Fake apps can use a developer name that has a similar spelling to its original counterpart. When in doubt, research the developer’s name to find out more about them.

6. Look out for typos and grammar mistakes

Typos and grammatical mistakes should be uncommon with legitimate app developers, as they usually have a team of editors taking care of the copy before releasing their apps. If an app you’re trying to download has an obvious typo or grammar mistake in the app name or app description, it’s probably fake.

7. Review the app permissions

Granted, terms of service agreements are boring to read! But when you’re in doubt of the legitimacy of an app, be mindful of the permissions you’re asked to give. Fake apps often have strange and unrelated app permissions requests. For example, a photo editing app asking for your contact list is definitely a red flag.

What to do if you have a fake app on your phone

If you found out you have a fake app on your phone, follow these steps immediately:

  1. Delete the app to stop it from causing more damage to your phone.
  2. Restart your phone. If you want to be safer, factory-reset your phone, as this can remove any malicious program on your device.
  3. Run an antivirus app.
  4. Report the fake app (to your app store and the business it’s trying to exploit).

How to report fake apps

If you identify a scam app or fake app, report it to the app store carrying it and spare no details in your review to help others stay clear of these fraudulent apps.

On iOS, you can report an app by visiting www.reportaproblem.apple.com, signing in with your Apple ID logins, then reporting the item or app in question.

For Android, you can do it in one of two ways:

  • On Google Play Store, first search for the app’s listing > tap on the three-dot ⋮ menu in the top-right section > tap “Flag As Inappropriate” > select the category for “Harmful to Device or Data” > click Submit.
  • On the Google Play Store Website, search for the Report Inappropriate Apps form and fill in the relevant details.

Types of fake apps

Not only do fake apps appear in different places, but they can also take on different forms. Generally speaking, fake apps can fall under two categories.

The counterfeit

These fake apps look similar to a real one. This means they have a similar logo and an app description that’s stuffed with keywords that appeals to users looking to download the real app.

The repackage

Repackaging is a technique used by attackers to generate a fake version of a legitimate app. This can be done by modifying the source code of the real app, sometimes given out by the legitimate app developer for public access. The attacker will add ads to the code and release it on app stores as a legitimate one.

Why are fake apps dangerous?

It’s because fake apps usually are apps created by cybercriminals to threaten users and their devices. They are designed to resemble legitimate apps but instead carry out malicious activities.

  • They steal your personal information: Once you grant permission to these fake apps, they can access your personal information like any legitimate app. This means they can read your name, date of birth, bank information, among other details.
  • They infect your phones with malware: Fake apps can infect your phone with different types of malware, such as adware, spyware, and ransomware.

Threats that a fake app could bring

Once they’re in your device, fake apps can make your life more difficult in a number of ways. These range from annoyances such as more spam to various forms of fraud, and even extortion via ransomware. Here are 11 reasons to keep fake apps out of your life:

  • Ad bots: Fake apps often display a lot of unwanted ads while you’re using it as a way to rake in ad revenue.
  • Billing fraud: Fraudulent apps can make random charges against your credit card without your consent.
  • Botnet: The app will secretly use your phone as part of a spam campaign or DDoS (distributed denial of service) attack. Learn more about what are botnets and how you protect against them.
  • Hostile content: Fake apps can display inappropriate content, like hate speech and extremism.
  • Hostile downloaders: The fake app itself perhaps doesn’t do much harm, but it will start downloading apps that will.
  • Phishing: A fake app can trick you into entering your login credentials. The attacker will then intercept your information on the other end for malicious uses. Here’s the ways to prevent phishing attacks.
  • Ransomware: Bogus apps can infect your phone with ransomware. Typically, it can lock up your phone until you pay a ransom to get it unlocked. Learn more about What is ransomware and how to prevent it.
  • Rooting: Rooting is an act of gaining administrative access to a phone’s operating system. It’s not a bad thing, as a lot of people root their phones for greater customizations. But rooting malware can gain access to your phone and do harm to it through fake apps. Another thing to notice is that you’ll likely find rooting malware in apps that have nothing to do with rooting.
  • Spam: In this example, fake apps will send out unsolicited messages and malicious spam to your phone contacts.
  • Spyware: Spyware can sneak its way to your phone through fake apps. It’ll secretly gather information about you and relay this information to other parties. Learn more about What is spyware and how to remove it.
  • Trojan: Trojan malware can hide in fake apps and will be installed after you download the fake app. (Read more: The uncrackable Android trojan: What is xHelper?)

How to protect yourself against fake apps

Scam apps are designed to look like the real deal, but there are ways to identify them. Here are a few tips on avoiding fake apps.

1. Don’t take ratings at face value

Ratings are front and center on both the Apple App Store and Google Play Store, and for many users, these are the quickest way to determine if an app is legit. After all, a 4.5-star rated app is bound to be trustworthy, right?

Not quite so. Ratings and reviews may very well be given by dummy accounts used by scammers to create credibility for the app. Telltale signs include single-sentence written reviews and reviews that have nothing to do with the app in question. What’s more, some scam apps can even force users to leave good reviews by withholding app access until the user submits a high rating. 

Reading an app’s most in-depth reviews, especially its unfavorable ones, is a great way to figure out if the app is genuine or not. 

2. Verify the app listing’s details

Fake apps and knockoffs are meant to capitalize on the popularity of prominent apps. If you’re searching for a specific app that’s already well-established, such as a social media app or a banking app, there are ways to make sure you’re downloading the exact one you’re looking for and not a lookalike.

Carefully screen through its logo, description, developer information, app screenshots, and any other information provided, and compare them against what’s listed on the developer’s official website (if there is one). An efficient way to bypass this step is to visit the original website, then look for a link to its app in the app store. 

3. Stick with reputable developers and apps

It’s a safer bet to go with big developer names like WhatsApp Inc and Google LLC. For more obscure apps, do your research by reading reviews and commentary on forums, YouTube, and third-party review sites. 

If you’re unable to find information about it, it’s probably best to avoid it and look up better-reviewed alternatives. 

4. Be wary of useless apps and oddly high fees

Fleeceware apps often target children as they’re more likely to ignore red flags—such as if a simple game offers a free trial but charges more than, say, 50 USD per month thereafter. Set up your kids’ phones so they can only download apps with your approval, such as with Apple’s Family Sharing system.

If you’ve already installed an app and signed up for its free trial, you can track and cancel your active subscriptions via your device’s settings. Be sure to monitor your payments for any suspicious or unfamiliar transactions for at least a few days afterward, so you’ll be able to seek a refund from the app store or your bank right away.

5. Don’t click on suspicious pop-ups or links

As a rule, most companies don’t send you unsolicited emails or text messages. So ask yourself, why should you have received this email? Your alarm bells should be ringing especially if the email contains links prompting you to download something like an app, in order to get some latest updates or win a prize. Needless to say, it’s a fake app trying to sneak its way into your phone.

6. Get an antivirus app on your phone

Antivirus apps help to screen for harmful apps on your phone so you can delete them in time before they wreak havoc on your device and personal data.

Other ways to stay safe from scams

Besides knowing how to identify scam apps, there are a few additional measures you can take to enhance your online security, such as using strong passwords with the aid of a password generator, setting up two-factor authentication (2FA) on your accounts, and using a VPN on all your devices.

Examples of fake apps

Imitation apps

Just a simple app store search for “Angry Birds” will turn up dozens of knockoff apps. These imitation apps mimic other popular apps to mislead users into downloading them by mistake and charging money for them.

Fleeceware apps

These types of scam apps charge high fees while offering little or no functionality. One example in the Washington Post article is a paid QR code reader app, which is unnecessary since all smartphones are able to scan QR codes. This particular app had made 879,000 USD off App Store customers. Fleeceware apps may promise a free trial for a set duration but charge you ahead of the end date or fold in hidden ongoing fees without an easy way to unsubscribe. Researchers at Avast discovered that over 400 million USD has been lost to fleeceware apps on both iOS and Android.

Apps with inflated ratings

Sometimes low-quality apps rank well in the App Store or Google Play due to the app maker’s manipulations of ratings. This tactic is nothing new, but nonetheless, it’s a method of scamming users into paying good money for an inferior product. 

Scareware apps

In some cases, ads scare users by showing them false messages about viruses detected, with links to the scam app that users think they need to fix the problem. In many cases, scareware points users to fake VPN apps. Another scare tactic is a free app showing the user-invented messages about viruses or vulnerabilities that they can cure by upgrading to a paid version of the app.

Fake dating apps

So you download a dating app and an attractive single starts sending you messages. You’re eager to respond—but the app tells you to upgrade to a paid version in order to continue the conversation. Yes, it’s all a scam.

Fake crypto apps

In March of this year, ExpressVPN helped to analyze apps purporting to be crypto wallets. These apps were particularly malicious, as they weren’t scamming users out of app fees but actually getting them to enter their crypto private keys, which unlock their crypto accounts, into the app.

COVID-19 apps

Attackers prey on people’s fears of Covid-19 by creating apps that they claim can provide information on anyone near you that has been infected by the virus. Needless to say, their intention is to trace your location and steal your personal information.

Read more: Here’s what vaccine scams look like

FAQ: About fake apps

What is the list of fake apps that Google banned?
What are some well-known fake apps for iOS?
What are some well-known fake apps for Android?
Technophile and self-professed meme queen with a penchant for games, dogs, and sushi.