5 Signs An Android App Might Be Fake
When an Android developer publishes an app on the Google Play Store, it has to pass a series of automated tests that check the app for policy violations, copyright infringement, and malware (per Google). If the automated systems flag the app, it's manually tested by human reviewers before it's approved. Most often, developers can get their app submissions up on the Play Store within hours.
That being said, the Google Play Store has millions of apps and counting, which means fake, shady apps can slip through the cracks unnoticed. Sometimes, they can even make their way to the top charts because Google's algorithm can be manipulated (per TechCrunch).
Fake apps often scam users with a subscription-based service that doesn't work as promised, or is otherwise misleading. Then there are malware apps that intrusively mine devices for sensitive personal data without user consent. Some developers steal open-source code or make low-quality clones of popular apps and games (like Fort Battle Fire Shooter: Nite and more), but all these apps do is endlessly spam you with ads. We'll explore a few tell-tale signs that an Android app is fake, and advise how best to avoid such apps.
Unnecessary app permissions
First, delete the apps you do not need — legacy utility apps, performance-boosting apps, and duplicate apps. Most utility tools like a calculator, converter, weather, clock, calendar, torch, notepad, nearby share, translator, compass, scanner, app locker, and screen recorder are pre-installed on most modern Android phones. Basic apps — alongside finance apps and VPNs — are the prime target for scammers and shady developers since users commonly search for them on the Play Store (via Wired).
Naturally, things like a calculator app don't need access to call logs, microphone, calendar, location, or files. Go to the permission manager to monitor what each app is allowed to do, and uninstall or restrict any apps with suspicious permissions.
Google has thwarted these apps to a great extent with the fragmented, sandboxed approach to app permissions (via Google). Apps are walled off from system resources by default until the user grants the requested permissions. If you install a fake app, it'll request as much access as possible, which is generally a red flag.
Some can request elevated system privileges called special app access that grants them control over Wi-Fi, SMS, usage, notifications, battery, device administration, and more. They can even modify system settings and install apps with the proper permissions.
Certain legitimate apps need these elevated permissions to work, but malware with special app access can display pop-up ads everywhere that can't be disabled, lock you out of the app uninstaller, and crash and slow down your device. Be wary and grant app permissions with caution.
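As an added illustration (not part of the original article), the permission check described above can be run against an app's decoded AndroidManifest.xml. The flagged-permission table, the `audit_manifest` helper and the sample `com.example.calculator` manifest are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Permission -> what it exposes: data access first, then special access and bound services.
FLAGGED = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
    "android.permission.SYSTEM_ALERT_WINDOW": "display over other apps",
    "android.permission.WRITE_SETTINGS": "modify system settings",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install apps",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "device administration",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification access",
}

def audit_manifest(manifest_xml, expected=frozenset()):
    """Return [(permission, label)] for flagged permissions the app's stated
    purpose does not explain. `expected` lists permissions the purpose justifies."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for el in root.iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            found.add(el.get(ANDROID + "name"))        # requested by the app itself
        elif el.tag in ("service", "receiver"):
            found.add(el.get(ANDROID + "permission"))  # BIND_* special access
    return [(p, FLAGGED[p]) for p in sorted(found - {None})
            if p in FLAGGED and p not in expected]

# Constructed sample: decoded manifest of a hypothetical "calculator" app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Helper" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for perm, label in audit_manifest(SAMPLE_MANIFEST):
        print(f"unexpected for a calculator: {label} ({perm})")
```

Pass the permissions an app's purpose does justify in `expected` (a voice recorder legitimately needs `RECORD_AUDIO`) so that only the unexplained ones are reported.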
Untrusted sources and subscription models
Google scans, moderates, and reviews the content on the Google Play Store regularly. It also allows users to report malicious and policy-violating apps. But, unlike iOS, Android lets you install apps outside the Play Store. Apps downloaded directly from the web, especially banking and finance apps, can contain malware. Consider sticking to the Play Store and avoid downloading apps via SMS and email links.
Third-party app stores and APK websites have more lax guidelines which allow developers to publish re-engineered, malicious versions of popular apps. To restrict installations from sources outside the Play Store, keep the "Allow Unknown Sources" option unchecked in Settings (via Samsung).
Even within the Play Store, however, not every app is safe. Last year, Avast found 151 fake utility apps on the Play Store that force-subscribe users to paid services, charging them upwards of $40 (via Avast). Google took down the apps promptly, but only after they had affected hundreds of thousands of users. If you install a subscription-based app, make sure it offers a trial run before you commit to the monthly payments. In case the app doesn't work as intended, you can cancel the subscription and uninstall the app (via Google).
Investigate the reviews and ratings
Before you hit that green install button, check the star rating, downloads, and review counts as well. They should be listed right under the app icon, though unfortunately, the ratings and reviews aren't always reliable. The Google Play Store is flooded with fake reviews and downloads.
According to Android Authority, there's an entire underground market for buying and selling fake Play Store reviews that boost your app or smear competitors. Often, the reviews are convincing enough. When developers pay these services to inflate the downloads and positive reviews artificially, Google's algorithm sees them as legitimate and pushes the app's ranking. That's how a fake app can make it to the top charts on the Google Play Store.
If the app has positive reviews and ratings, filter the reviews by "1 Star" to find people's issues with the app. Fake and scam apps should have single-star reviews with descriptions exposing them as such. Similarly, consider the positive reviews. Look for repetitive (or even duplicate) reviews with five and four stars. If you find any, there's a good chance the app and its reviews are fake.
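The duplicate-review check above can be made systematic by comparing the wording of four- and five-star reviews pairwise. This is an added example, not from the original article: the word-shingle Jaccard measure, the 0.6 threshold, the function names and the sample reviews are all assumptions constructed here.

```python
import re
from itertools import combinations

def shingles(text, k=3):
    """Set of overlapping k-word sequences, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Share of shingles two reviews have in common (0.0 to 1.0)."""
    return len(a & b) / len(a | b) if a and b else 0.0

def near_duplicate_pairs(reviews, min_stars=4, threshold=0.6):
    """reviews: list of (author, stars, text). Returns (author1, author2, score)
    for every pair of positive reviews whose wording overlaps past the threshold."""
    positive = [(a, shingles(t)) for a, s, t in reviews if s >= min_stars]
    pairs = []
    for (a1, s1), (a2, s2) in combinations(positive, 2):
        score = jaccard(s1, s2)
        if score >= threshold:
            pairs.append((a1, a2, round(score, 2)))
    return pairs

def duplicate_share(reviews, min_stars=4, threshold=0.6):
    """Fraction of positive reviews that near-duplicate at least one other."""
    positive = [r for r in reviews if r[1] >= min_stars]
    flagged = {a for p in near_duplicate_pairs(reviews, min_stars, threshold) for a in p[:2]}
    return len(flagged) / len(positive) if positive else 0.0

# Constructed sample reviews for a hypothetical "cleaner" app.
SAMPLE_REVIEWS = [
    ("user_a", 5, "Best cleaner app ever, my phone is so fast now! Highly recommend."),
    ("user_b", 5, "Best cleaner app ever my phone is so fast now. Highly recommend!!"),
    ("user_c", 4, "best cleaner app ever, my phone is so fast now"),
    ("user_d", 5, "Works fine for clearing the cache, though the ads are a bit much."),
    ("user_e", 1, "Charged me a subscription I never agreed to. Scam."),
]

if __name__ == "__main__":
    print(near_duplicate_pairs(SAMPLE_REVIEWS))
    print(f"{duplicate_share(SAMPLE_REVIEWS):.0%} of positive reviews look copied")
```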
Read the app description
The rest of the page can also help you detect fake apps. For instance, the app might have an inaccurate or dubious title. The developer may try to pass off their clone app as the more popular one, but they can't use the exact same name. Instead, they might try to alter the title of their clone ever-so-slightly to mislead users (via Google).
Joke or prank apps that claim to be X-ray cameras or to "clean" RAM, and apps that pose as discontinued services (like the Blackberry Messenger or Flash Player), have phony, misleading titles.
Fake apps usually have a janky, underdeveloped interface cluttered with ads, which you can see in the app screenshots as well. The description could be vague and poorly written, and the update history in the "What's New" section would be either non-existent or inadequate.
The listings also feature a detailed list of the type of data the app collects. Plus, you can tap "About this App" or "About this Game," scroll down to App Permissions, and tap "See More" to find all permissions it needs without downloading it first (via Google).
Look out for Google Play Protect warnings
Google Play Protect is an extra layer of security built into modern Android devices that defends them against malicious, harmful apps. It works using on-device and cloud-based scanning to flag or disable malware — such as stalkerware, unauthorized downloaders, billing fraud, spam, spyware, and elevated permissions violations (via Google). Google Play Protect also keeps you safe from Mobile Unwanted Software — or, in simpler words, fake apps.
Google classifies Mobile Unwanted Software as deceptive apps that don't deliver what they promise, make undisclosed changes to the device, manipulate users into installation, or collect personal information without user consent (via Google). Apps that can display disruptive, inescapable ads that make it difficult or impossible to uninstall them, apps that pose as system apps, or apps that interfere with the UI also count as Mobile Unwanted Software.
You don't need to install, enable, or tweak Google Play Protect (via Google), as it works silently in the background until it's needed. The protection covers apps installed from any source — Google Play Store, or otherwise. If Google Play Protect detects a harmful or fake app, you'll see a pop-up notifying you to uninstall it. Certain kinds of malware are automatically deactivated, but you will be notified.