How fake apps try to steal your data with ‘freebies’
BENGALURU: Fake apps are enticing users to avail products for free, and in the process installing malware, accessing crucial data and tracking devices. These apps mostly target popular, viral apps that allow in-app purchases. The fake app business has been estimated at $2.3 billion globally in the first half of 2019, according to Tel Aviv-headquartered mobile marketing analytics and attribution firm AppsFlyer.
“If you want a free life in your favourite game or additional swipes on dating apps, one can easily find multiple such fake options that will offer you these things for free,” said Rajshekhar Rajharia, a cybersecurity expert.
Popular multi-player game Fortnite has several fake clones, enticing users to download without requiring an invitation code, and they promise beta releases and tutorials, according to McAfee.
Many such links are also available for popular games such as PUBG and the dating app Tinder, ethical hackers have found. These apps are more common in categories such as fintech, dating, travel and gaming. “Making such apps takes 2-4 days… and (they are) uploaded on file sharing websites,” Rajharia said, adding that millions of these apps can be made in a short span of time.
These apps are developed by extracting the original apps through their APK files and making fresh APK files with a similar sounding name. Such apps are usually shared through APK, SDK files in closed networks, experts said. User data, including personal and financial data, are sold to companies or leaked. These apps also use stolen photos and other sensitive data to create fake accounts on online services and steal user identities, McAfee has found.
Fraudsters also get advertising revenue. If advertisers pay per impression, then fraudsters increase the number of impressions.
If they pay per install, the fraudsters try to falsify the number of installations.
A few also sponsor apps within these fake apps to make money.
“There are different types of frauds. Victims usually file cases when they lose money, but companies rarely disclose such cases as it harms their reputation,” said a Gurugram-based cyber police official.
Internet companies are investing in fraud detection and prevention technologies, but they are often insufficient to counter these kinds of fraud.