Researches from the University of Sydney and CSIRO’s Data61 found over 2,000 counterfeit apps on Google Play. The study was conducted over a period of two years, during which, researchers investigated a million apps on the Google Play Store.
Given the Play Store’s scale of operation, fake apps are unavoidable. Counterfeit or fake apps impersonate popular applications in a bid to misguide users. While several fake apps are easy to identify when installed, some are tougher to recognise, even to the trained eye.
Fake apps are also used to steal data or infect a device with malware. According to the study, several apps on the Google Play Store are malware-laden or counterfeit. The study also mentions that despite some apps not being infected with malware, they ask for dangerous data access permission.
Co-author of the study, Dr Suranga Seneviratne, a Computer Science academic and cybersecurity expert, explained: “Many fake apps appear innocent and legitimate — smartphone users can easily fall victim to app impersonations and even a tech-savvy user may struggle to detect them before installation. In an open app ecosystem like Google Play, the barrier to entry is low, so it’s relatively easy for fake apps to infiltrate the market, leaving users at risk of being hacked.”
Source: The University of Sydney
Despite imitation being the best form of flattery, fake apps have just gotten better over the years. Shady developers spend hours on creating perfect counterfeit apps that make it impossible for regular users to identify the difference. Google took down over 250,000 impersonating apps in 2017.
While Apple’s App Store may not have as many applications as the Play Store, their numbers are still well into the millions. However, Apple’s stringent security protocols and policies ensure the App Store doesn’t have a significant malware problem as compared to Google’s Play Store.
The paper also detailed that 35-per cent of the 2,040 malware-laden impersonating apps found had since been removed. You can download the entire paper here.
