No Developers Behind the Scenes: How to Avoid Installing Malicious Apps on Your Phone

Currently, there is a staggering figure of around 9,000,000 active apps across different platforms including Apple, Google and others. Undoubtedly a substantial number, but it is essential to note that only a fraction of them are widely recognized and genuinely beneficial.

Plus, many devices already come pre-loaded with a sizable selection of apps, further reducing the need for additional downloads. Still, the search for that elusive app that can satisfy our long-standing cravings persists. We are constantly looking for a new application that can finally meet those needs that we have craved over the years.

Imagine a scenario where you recently downloaded a new game, digital currency wallet, or fitness app and things quickly take a turn for the worse. Perhaps your phone screen is flooded with intrusive ads or the application does not fully meet your expectations, as often happens. Worst-case scenario, you may even discover an unauthorized transfer of funds from your bank account or an attempt to access personal information, such as your health information. These instances can be very disturbing and pose a significant threat to your privacy and safety. it is highly probable that the app you downloaded has malicious intent to exploit your finances or collect sensitive information.

Given the large amount of data we access through our smartphones, it’s no surprise that cybercriminals target it, and the risks are especially pronounced in unofficial app stores. These platforms have a higher likelihood of threats and unauthorized activity. Fortunately, by exercising mindfulness, employing logical thinking, and practicing caution, you can protect yourself.

Here are some valuable tips from ESET, a cybersecurity company, to help you avoid downloading malicious or dubious apps that could lead to regrets later:

1) Have you come across an app that promises amazing features or offers a service you’ve been looking for? If the app is truly popular, its download numbers as listed on reputable app stores can provide valuable insights. Hugely popular apps often rack up millions or even tens of millions of downloads (considering the vast number of smartphones around the world).

Therefore, a globally recognized app should exhibit such substantial figures. Similarly, a local app, such as one in Hebrew, should have at least hundreds of thousands of downloads if it really stands out and enjoys widespread recognition. If the download numbers aren’t in line with expectations, it could indicate a potential problem.

2) App reviews can be a relatively effective method of assessing an app’s authenticity and quality. If an app has a low rating and bad reviews, you may want to reconsider downloading it. Conversely, if an app has an extremely large number of positive reviews that look suspiciously similar, it should be cause for concern.

This is especially true for apps that haven’t garnered millions of downloads, as a large number of reviews for such apps may come from fake reviewers or even bots. Also, it’s worth checking the geographical distribution of reviews. For example, if you find lots of reviews from India for an app that interests you, but you’re looking for a relevant app for Israel, it might not be the right choice for you.

3) Malicious developers often try to trick users by copying the logo or graphic design of legitimate apps. However, they cannot replicate the design exactly as it would prevent them from uploading the app to the store. Instead, they create a design that closely resembles the original, hoping users won’t scrutinize the screen or images in the app store too closely.

Therefore, it is vital that you pay attention to these details. However, it’s important to note that recognizing the logo of a well-known entity, such as a bank, credit company, or Bitcoin wallet, doesn’t necessarily mean you’re in good hands. Some malicious apps go beyond just misusing the name of a legitimate service and are distributed via websites that are mirror images of the genuine ones. Be careful and check the legitimacy of the source before downloading any app.

4) It’s vital to be vigilant about the availability of official apps for the specific store or service you’re looking for. Just because a certain platform offers a service you want doesn’t necessarily mean it has an app, and some are exclusive to certain platforms like iPhone. Also, some businesses or organizations rely solely on websites instead of apps. Therefore, before proceeding to download an app for a popular online service, make sure that the service actually provides an official app. In such cases, the official website will usually provide links to download the app from authorized stores.

5) An app’s credibility lies not only in its advertising but also in its visibility. Developers who invest significant effort and resources into their applications also prioritize improving their visibility and ensuring the accuracy of their promotional materials.

The app description itself serves as advertising material, and a professional developer will diligently review the text to eliminate spelling errors, correct the content, and ensure accuracy. If you notice grammatical errors, incomplete information or inaccuracies in the description of the app, it could be an indication that the app may not fulfill the promised functionality.

6) Identifying the legitimate developer behind an app is by no means an idle question. Legitimate app stores, such as Google Play and the Apple App Store, ensure that only authorized developers can upload their apps under their name or alias. For example, Google apps will be published by Google itself, and the same goes for Facebook, Instagram, WhatsApp and other well-known companies.

However, malicious developers can try to trick users by using names that closely resemble those of legitimate developers. They could load fake versions of popular apps, substituting a letter or using a similar sounding name. In these cases, conducting a search on platforms like Google can be beneficial. By searching the developer name and reading the reviews, you can glean more information and insights. Legitimate and professional developers often have multiple apps credited to their name, further cementing their gravitas.

7) Granting permissions to apps is an important aspect to consider when assessing their credibility and potential risks. It’s essential to use logic and common sense when determining whether certain permissions an app requests are necessary for its intended functionality. For example, it’s reasonable for a flashlight app to request access to the camera because it uses the camera’s flash to provide light. However, if a flashlight app requests access to your contacts, it could arouse suspicion since there is no apparent correlation between the app’s functionality and the need for contact information.

In general, simple apps usually only require one or two permissions to work properly. While some apps may ask for more permissions, it’s important to be cautious and consider whether those permissions align with the intended purpose of the app. It’s worth noting that in some cases apps can still work even if you haven’t granted all the required permissions. Starting without granting all permissions and then evaluating the app’s performance and functionality can be a prudent approach.

If you come across a potentially harmful app, it’s a good idea to uninstall it. Alternatively, you can go for a manual approach by resetting your device to factory settings after backing up your data. In some cases, you may need to boot your device into safe mode to remove the app. ESET provides a helpful video tutorial on this process.

Here are some final helpful tips to send you on your merry way:

– Reporting the malicious app to the app store can help protect other potential victims and may even allow you to request a refund for any associated costs.

– For apps downloaded from the Google Play Store, enable Google Play Protect scan on your device. This feature helps detect and prevent installation of malicious apps.

– If you download apps from other sources or stores, consider enabling the “Improve harmful app detection” option. This setting will automatically submit unknown apps to Google for further analysis and identification of potential threats.