Beware of the apps?
Think using App Store keeps you safe? Think again!
Last year, the Cambridge Analytica scandal showed the world just how easy it is for their data to be taken without their consent. Although GDPR has been introduced in the EU and social networks like Facebook and Twitter have doubled down on their efforts to keep customer data safe, there are still numerous ways in which innocent people can be targeted. One of the ways the fraudsters, looking to gain information from personal data, can strike is by attaching malware to apps in the Apple App Store, the Google Play Store or any other app store outside of the control of the tech giants.
One of the newest ways for the “bad guys” to get information is from your clipboard using “Clipper” malware. It’s fairly easy for people to disguise apps containing malware as legitimate apps and get them on the stores.
How do you register an app in the app store?
Submitting an app to the Apple or Google app store is a relatively simple process. You need to provide the basic app details and then some further information. Once the app has been approved, it then starts to appear on the store. The reason it is relatively easy for developers to create “fake” apps is because the company logo and name can be misidentified as a legitimate app. Recently, the MetaMask app was discovered to actually be Clipper software that stole details of cryptocurrency wallets from a smartphone’s clipboard. This app was submitted for approval to the Google Play Store and successfully passed all of the checks.
What details can scammers get?
If someone tries hard enough, they can probably get a great deal of information from your smartphone. One of the more popular and current ways for fraudsters to get hold of your personal details seems to be the Banking Trojan apps. An app that emulates your legitimate banking app is created with the same login page and the same design. If it then passes the approval process, people can be conned into unwittingly downloading this app and sharing their online banking details with people looking to exploit them for nefarious reasons. Unfortunately, for victims these apps tend to not have any functionality and they soon realize they have been scammed. But by then, it is too late. Another problem is the fact that unauthorized third-party's can use the brands image or name.
There are also privacy concerns with apps that use a microphone. These concerns have been raised mostly in conjunction with smart speakers, but an app that relies on microphone use can steal information in the same way.
How can I stay safe from malicious apps?
If you are worried about malicious apps, there are a few measures you can take to ensure your data protection:
- Stay away from unauthorized app stores
- Regularly update your devices software
- Regularly update your apps
- Be aware of what permissions the app requires and why
- Download a mobile security application
- Do not tamper with your phone or be tempted to “jailbreak” it
We have a number of different ways to help you if your company is victim of fraudsters setting up an app in your name.
Our app monitoring service can help with this.