If trends are any indicator, three-fourths of shoppers will be buying gifts from their phones this holiday season. The convenience can’t be beat. But there’s some bad news on the mobile shopping front: According to the New York Times, hundreds of fake retail apps have been popping up in recent weeks on Apple’s App Store. The best case scenario for end users looking for a deal and downloading a fake is that they’re served a bunch of ads — but the apps could fool some consumers into entering their credit card information, setting themselves up for fraud.
The offenders included apps masquerading as Footlocker, the Dollar Tree, and Nordstrom, and they seem to come mostly from China. Apple typically tries to delete these apps as fast as they come up, but many end up slipping through. As Chris Mason, chief executive of Branding Brand, a Pittsburgh company that helps retailers build and maintain apps, told the Times, “It’s a game of Whac-a-Mole.”
“Scammers try to take advantage of any medium that exists,” says Andrew Blaich, a researcher for Lookout, a mobile security company. “In this case, mobile app stores are being targeted by scammers to get users to download apps for their favorite brands that were created by the scammers, and not the owners of the brand.”
Malicious apps are much more commonly heard about on Android due to the openness of the platform, but fake apps have been around the App Store since its beginnings. With a projected 90 million iPhone users in the United States, fake apps are hitting their stride just before the holiday shopping season, targeting people looking for a deal. There are a few relatively easy ways to spot a fake app, and at least one of these steps should be taken before downloading anything from the App Store.
Use The Brand’s Website
If you’re interested in downloading an app from a brand, visit that brand’s site on your phone. There will often be a “smart banner” at the top, directing you to download the app. Additionally, even if there aren’t “smart banners” at the top of a mobile page, sites will typically try to advertise their app in some fashion. “Follow links to the mobile apps from the company’s website,” says Blaich. “Sites will almost always have a link to their mobile app, if they have one, from their website. This is another direct link to the exact app a user would want to download.” These links shouldn’t take too much digging to find.
Pay Attention to the Developer
“Make sure that the developer associated to the application is related to the brand itself,” says Thomas Fischer, Global Security Advocate for Digital Guardian, a cybersecurity company. A good example, according to the Times, is Footlocker. Footlocker has, in actuality, three iPhone apps, but an entity called Footlocke Sports Co. Ltd had published 16 apps, tricking customers into downloading apps that aren’t affiliated with the company. It sounds just enough like Footlocker that it could fool some people.
Verifying the developer might take a bit of extra work on the users’ part if the brand is using a third party to develop the app. “In this case,” says Fischer, “check that the developer has a proper company page associated to it in the store, and that they have more than one app or demonstrate a consistent availability of apps.”
Look for Misspellings
Fake apps that are developed overseas will often contain some suspect information. “Look for misspellings in the app or developer names that are intended to trick the user,” says Blaich. Unusual characters in an app or developer name should also be treated as a warning sign. Brands want their apps well-polished.
“You can also check the ratings and reviews to make sure that other people have downloaded the app and that there are reviews,” says Fischer. If an app has few or no reviews, or overwhelmingly negative reviews with lots of complaints, it might be fake.