In 2013, both Google Play and the Apple App Store passed the one million app mark. And if you're a cynic (or realist), that means more crap than ever to weed through.
At best, these crap-apps will inundate you with in-app ads, but be otherwise harmless. At worst, many of the apps are downright scams—taking your money without providing the claimed functionality and even delivering up malware.
We worked with the mobile threat analysis team at Lookout Security to identify which Android and iOS apps you should avoid. Currently, Lookout is analyzing 30,000 apps per day across their 45 million users, giving us a fair amount of insight into where the current threats lie. Based on their recommendations and our own research, these are the five categories of apps you should make sure to avoid.
1. Pirated/knock-off apps riddled with adware
Search for any popular game in either Google Play or the App Store—Flappy Bird, Candy Crush, Angry Birds—and you'll likely find dozens of knock-offs. These pirated/knock-off apps are often riddled with adware that may be significantly more invasive than that found in the original app, and may even do things like take your phone number or change your search provider. Adware was the most widespread mobile threat Lookout observed in 2013, reaching 13.8% prevalence worldwide in Q4.
How to avoid the scam
Don’t download pirated apps! Make sure the app you're downloading is the real one—check the name of the app carefully, the app developer and the number of reviews/downloads (a knock-off app will have few compared to the original). Any "add-ons" or "cheats" that aren't from the original developer also have a high chance of being riddled with adware.
2. Misleading subscription apps
Apps that lure you in as being free or low-cost and then hit you up with surprising monthly subscription charges are another one to look out for. According to Lookout, most of these apps are pornographic in nature (though not all are) and make it unusually hard for the user to understand how much and how often they will be charged. The apps have long Terms & Conditions (T&C), and sometimes the T&C are purposely difficult to read. For example, the print might be dark blue on a black background. In 2013, 1.33% of Lookout users encountered apps of this nature.
How to avoid the scam
If an app you're downloading has an unusually long or difficult to read T&C, be very suspicious. Don't just click "Accept" without reading through it (the scammers count on that). If you are hit with unexpected charges, here is how to resolve it through Google Play and the Apple App Store.
3. Shady "antivirus" apps
Search for "antivirus" in Google Play and you'll find hundreds of apps claiming to protect your phone from malware threats. Many of these apps provide little to no anti-malware functionality. And some may employ the old trick of alerting you that your device is infected when it actually isn't (of course you need the paid version to actually clean up those non-existent "threats").
Recently, the #1 new paid app in Google Play (Virus Shield at $3.99) was an "anti-virus" app with more than 10,000 downloads and a solid 4.7 star rating—and it was a complete scam. According to an analysis by Android Police, it provided no anti-virus capabilities, whatsoever.
How to avoid the scam
Only download anti-virus apps from known anti-malware companies and completely ignore user reviews—overly positive reviews may be fake and, let's face it, the typical phone user does not have the means to test anti-malware functionality. And you shouldn't pay for mobile anti-virus capabilities, as many of the best apps from our tests are free. For our recommendations of anti-malware apps, see our evaluation of anti-malware effectiveness against spyware (note that even among the big providers, performance varies).
4. Apps that market “earn money” schemes
Just before the holidays, Lookout’s security team identified an app called Bazuc that lured in Android users with a promise of a "free money" payout if a user allowed the app's to access their SMS message account. Purportedly, the app then sold this SMS capacity to others to send low-cost SMS messages (including spam).
Installing the app not only put your personally identifiable information at risk, it also exposed users to phone calls and SMSs from unknown people, and put you at risk of violating your carrier's terms & conditions, which could lead to termination of your cellular service..
How to avoid this
Listen to the advice your mother gave you, "If it looks too good to be true, it probably is." Any time you see the words "free money", you should probably run in other direction...fast.
5. Apps that don't provide the stated functionality
We already discussed one type of app in this category, shady antivirus, but there are dozens more. These apps promise functionality they don't actually deliver, though we promise you will see plenty of ads, instead.
There are so many of these apps out there it's impossible to give a comprehensive list. But, generally speaking, if an app's functionality sounds to good to be true, it probably is. Here are some categories where you will find a high percentage of useless apps:
- Night vision/spy camera apps. Do you really think an app can let your smartphone see in the dark? The ones I've seen just turn your screen green to give a night-vision-like appearance.
- Battery optimizers. While some of the apps may provide helpful controls for managing phone settings, most of these features are available directly through the Android or iOS system settings. And the battery saver itself may run constantly, actually reducing your battery life. Instead, follow our battery saving tips for Android and iPhone, with some recommendations for apps we believe are useful.
- Signal boosters. Seriously? You think that the dozens of "signal booster" apps have figured out the secret to boosting your cell signal that Samsung, Motorola and HTC somehow missed? Hey, I've got a bridge to sell you...
- Porn apps. Both Apple and Google prohibit porn in their marketplaces. So if you download a porn app, all you're likely to get are a few stolen photos of women in bikinis and very aggressive ads. I downloaded a couple examples and my anti-malware app immediately warned me about an ad network that could access my device IMEI and email account—that's a serious privacy risk.
How to Avoid the scam
Your mother was right—if an app's functionality sounds to good to be true, it probably is. And if you think the official app markets are bad, don't even think about downloading apps from a third-party app store. Do that and you'll expose yourself to serious malware risks.
From Karen on April 10, 2014 :: 9:56 am
Candy Crush IS a knock-off. http://www.middleeasy.com/gaming/item/12855-candy-crush-completely-stole-this-guy-s-idea-and-here-s-his-open-letter-to-them
Reply
From Josh Kirschner on April 10, 2014 :: 10:14 am
I guess that’s true! Almost all games are knock-offs, to some degree, of games that came before. So now we have knock-offs of knock-offs!
Though from a safety perspective, it’s the apps that knock off popular games that are the big concern - knocking off unpopular games won’t get you very far if your goal is to drive ads or malware
Reply