When Good Apps Go Bad: How to Avoid Malicious Software

Fake apps proliferate online, and it’s hard to tell the good apps from the bad. Scammers are getting sneakier by hiding their malicious apps behind the smokescreen of reputable ones.

Your garden-variety fake app is typically malware disguised as a fun game or useful utility. Behind the shiny exterior lies code that can steal your data and hijack your accounts. Scammers make these apps as enticing as possible to lure consumers, complete with fake five-star reviews and glowing recommendations. But consumers have gotten wise to this, and many are avoiding fly-by-night apps and sticking with those that are known to be reputable.

So the scammers have turned to a new tactic: buying out previously legitimate apps, then inserting their own data-stealing code. This gives them a ready-made user base to prey upon. Consumers who have installed the app suddenly get a new version, with little indication that it’s now owned by scammers who are spying on them. And the original developer’s reputation takes a hit, because even though they don’t own the software anymore, their name is still associated with it.

Scammers also pay cash-strapped developers to insert code into legitimate apps. The developers don’t necessarily know the code is suspect. It’s often branded as “marketing” or “ad tracking” or some such, and the price is often too good to resist. You end up with an app that still does what it’s supposed to do, only it’s also doing a few secret things behind the scenes, like opening back doors into your network.

With enough money, scammers can buy more advertising than legitimate developers with competing products. The Verge published an article explaining one such case, where a developer found himself outbid and outmaneuvered by scammers who went so far as to use his good name and reputation to market their malware.

And then there’s fleeceware, which I’ve mentioned as another tool in the scammer toolbox. Fleeceware apps aren’t necessarily malicious themselves. Instead, they offer you a trial version, then hit you with outrageous subscription fees.

So how do you know which apps to trust? It’s still a good idea to stick with tried-and-true apps from known developers. Research the app before you install, but don’t just rely on the app store reviews because those can be faked. Do a wider search on the Internet and see if anyone’s encountered anything suspicious about that app.

Don’t be put off if a developer is a one-person operation. Many small developers are reputable and skilled, and produce excellent apps that are free of sneaky code. Look for apps that are updated frequently, from developers who are willing to respond to customer inquiries and support questions.

Delete any apps you don’t use. Not only will that free up space, but it will also reduce the risks. Stay away from apps that haven’t been updated in years. They may have security bugs, and could also be incompatible with newer system versions.
