How to Spot a Fake App

How to Spot a Fake App

watch-out-for-fake-android-apps

We all need to be careful as the next app we download could be a dangerous Trojan. Below I will explain how to spot fake or malicious apps for your phone or tablet.

Android malware is on the rise. Kasperkys (in partnership with Interpol) latest Mobile Cyber Threats Survey found there were six times the amount of malicious apps in July 2014 than in August 2013.

You can see the attraction of targeting Android devices from a hacker’s point of view. Your Android devices contains things like your personal details, logins and passwords, private notes, messages and of cause your photos, it could even be linked to your bank account or credit card too.

Hackers simply have to create a Trojan and disguise it as something you might want and they can then get their hands on all that valuable data. Facebook fakes, video apps and too-good-to-be-true antivirus apps are circulating in there thousands right now, just waiting for you to download and install them.

Hackers, like all conmen, give themselves away by making simple mistakes.

Its ‘Facebook’ but not as you know it

Genuine social apps never ask for 'device administrator' permissions

Genuine social apps never ask for ‘device administrator’ permissions

Mobile malware makers love Facebook. According to Cheetah Mobile the makers of Clean Master, no fewer than 15,000 fake social networking and messaging Android apps have appeared between January and August 2014, More than half of these were dodgy Facebook clones. Thousands more are pretending to be WhatsApp, Twitter and Instagram.

Hackers use the apps to steal your username and password, which they assume you are probably going to use the same details on other accounts to.

Malicious clones often have really poor spelling and badly reproduced branding, but you might not always notice this until its to late and you have downloaded the app and entered your password and username. By that time its to late as the app has done its job.

There are a few ways to check and see if a big-name app is the real thing before downloading it. First, see how many people have downloaded if from the Google Play Store. At the time of writing this the real Facebook app for Android has been downloaded almost 23 million times. If you are looking at a ‘Facebook’ app that has only been downloaded 200 times or only has a few “user” reviews its not the real deal.

You need to be wary of believing everything you read in the Play Store reviews. It’s very easy for app developers to buy fake reviews and ratings from feed back touts like App Reviews Mart, and get 5 star reviews from BestReviewApp. If in doubt its always best to click on the reviews name and see what else they have reviewed. If all there reviews are worded exactly the same or sound suspiciously generic (“Great App, Just what I needed”), take them with a large pinch of salt. You can report apps, reviews or comments that you think are suspicious to Google.

Lots of generic, short reviews may be a sign of a fake app

Lots of generic, short reviews may be a sign of a fake app

It’s not in the Google Play Store

If you are not sure that the brilliantly reviewed, but badly spelled app is legitimate, bookmark the Play Store page and then come back to it a few days latter. Fake apps don’t last long in the Play Store. Those that are not blocked instantly by Google’s app-scanning tool, Bouncer are usually removed within a few days according to F-Secure latest Mobile Threat Report.

Google can’t police the entire Internet; so bogus apps always find other ways to get distributed, like Facebook comments, emails, online adverts or an independent Android app website like AppBrain. All the fake apps identified by Cheetah, were downloaded from outside they Play Store.

Never download apps via adverts or links in Facebook Comments

Never download apps via adverts or links in Facebook Comments

Independent Android sites are not always dangerous, but please bare in mind they don’t scan the apps as thoroughly as Google. Earlier this year security firm Opswat found a third of all Android apps outside the Plat Store were infected with malware.

Similarly, if you are using an iPad you should only download apps from the App Store and iTunes (not that you get much choice). The tightly controlled nature of iOS tends to prohibit third party app markets and this helps keep hackers at bay, which I think is a good thing.

It’s too Good to be True

Hackers know that we can all be slaves to our desires, so if they promise to give you exactly what you want, you are less likely to trust your better instincts.

In June of last year, Ransomeware on Android arrived in the shape of Simlocker Trojan; it was packaged as a porn-video app. Not long after that, hacker’s striked again this time exploiting political fervor by spreading spyware among Hong Kong protesters, who thought they were downloading a pro-democracy app.

The Angry Birds Transformers app contained a "vandal' Trojan that destroyed data

The Angry Birds Transformers app contained a “vandal’ Trojan that destroyed data

You also need to be on the lookout for apparent collaborations, because in September last year, there was a new Angry Birds app called Angry Birds Transformers in the Google Play Store, which turned out to contain the Elite Trojan. Security researchers at Dr Web discovered the Trojan in October Last year and they categorized the Trojan as a “Vandal Program” as it destroys the victim’s data. When you launched the app for the 1st time it would ask for ‘device administrator’ permissions (These are normally only needed by apps that let you lock or wipe your phone remotely) and then immediately format your SD card if you have one installed, and block all of your messaging apps.

If an app ever says it can remove all of the manufactured pre-installed software with out you having to root you device or reveal who is looking at your Facebook profile, its lying!!

 

You Have Never Heard of it

New apps from companies you have never heard of that promise the earth are very unlikely to be what they seam. According to Kaspersky, fake antivirus apps are a big problem.

April Last Year, an antivirus app, called Virus Shield by the developer Deviant Solutions managed to sneak through Google’s app scanner and it was downloaded 30,000 times, and cost £2.38 the app its self was not malicious but it was totally useless (expect to its developer who became quite rich from it). When the scam was found Google was forced to refund all of the 30,000 customers who had purchased it.

Don’t be tempted by ‘novel’ antivirus apps. Most of the big antivirus companies out there make safe reliable tools to help protect your devices from malware and fake apps; they are also regularly updated to help keep your devices safe from the latest treats.

So be aware of the apps you are downloading are what they say they are. Stay safe and keep alert for the scammers, all they want is your money and to cause as much trouble as they can!!!!

Share Button

Are Scam Downloads Getting Harder to Spot?

Are Scam Downloads Getting Harder to Spot?

Scam Alert

Malwarebytes have revealed the latest strategy’s that are being used by scammers, which has worryingly shown that the scams are getting harder to stop.

You might have decided you need a new antivirus program from a trustworthy company like AVG, Malwarebytes, Norton or McAfee. It downloads without any problems, you accept the terms and conditions and the familiar installer starts, all seems to be going fine until half way through the installation when you get an error message that advises you to ring a phone number. You could easily think this is the antivirus helpline.

But you would be wrong! In fact this is the latest trick used by scammers to steal your money. The software is fake and if you call the number in the error message, you will get through to an Indian call center where they will tell you your computer is crawling with viruses and that they will clean if for a fee. Of course this is a lie.

This type of scam is easy to fall for, but what is worse is that fraudsters are starting to hack genuine security programs so that you pay them instead of the software company. Malwarebytes have detected criminals doing this. Senior security researcher Jerome segura, said: “A few weeks ago we documented a US-based company using our software against our Terms and Conditions. They were charging four times the price and worst of all the license keys were all pirated.”

Its not difficult for criminals to build fake programs that mimic legal ones. Egemen Tas, Comodo’s Vice President of Engineering said that Scammers don’t need to create a fake antivirus from scratch, instead they can “simply take a genuine AV product, modify it and distribute it”.

So how can you protect yourself? You should only download programs from the developers’ official site, or from a reputable site like CNet, TechSpot, or FileHippo. You also need to be cautious when using the Windows Store on Windows 8, as it was recently reported by technology site How to Geek as being filled with fake software.

Malwarebytes, which highlighted these scams on its blog, says that a fake version of genuine software will be flagged by Windows before you download it with the following message: ‘The publisher could not be verified’ or ‘driver have been altered’. These warnings mean the download has not been digitally signed by the programs developer, most reputable software should all be signed. You should click Cancel, not Run, and leave the box ‘Always ask before opening this file’’ ticked.

So despite the increasing deviousness of the scammers you can still shield yourself from their attack, Thankfully, it’s not impossible to spot them, but its definitely getting harder. So stay alert and above all keep safe from these scammers!!!!!

Share Button

Make your Mac go faster

Make your Mac go faster

make-your-mac-faster-feature
There are a lot of things that you can do to help boost the performance of your Mac. Below I have listed the ones that will have the biggest impact.

More Ram

The more RAM you have, the better. The main reason Macs tend to run slowly is because apps and processes consume a lot of RAM. RAM can be very expensive and adding it after you have bought a Mac is becoming almost impossible now as most new Macs have the ram soldered to the motherboard. So what is the next best option? Try and minimize how much you use. Don’t keep lots of apps running in the background if you are not using them, close all Safari tabs. Use Activity Monitor to identify apps that are hogging a lot of your RAM and then quit them

Hard drive space

You will also find the more storage space you have on your boot drive, the better OS X will run. This is because OS X sometimes uses the boot drive as a cache if it needs more room than is available in RAM. I would always recommend that you keep at least 10% of your HD free for OS X to use. If you Open a Finder Window and then select ‘Show status bar’ from the View Menu so you can see how much is available. Try and archive any documents you don’t need regular access to, and you should also consider using an external HD or even a NAS drive for your iTunes Library. Always empty your Downloads folder, and use an app like Gemini to help identify and delete duplicate files.

Desktop clutter

Files on your Desktop will slow down your Mac too. OS X draws a new window (complete with its own Preview) for every file on your Desktop; this can hog system resources if you keep lots of files on your Desktop. File them, Trash them, or put them in a folder.

Spotlight and Time Machine

Spotlight and Time Machine are both very good features, but they can sometimes cause performance issues, especially if you are using a network drive to back up or let Spotlight index an external drive. To stop Spotlight from indexing your external drive, go to the Spotlight panel in System Preferences, then click on the Privacy tab, then you want to drag the drive in to the windows or press the ‘+’ and then select the drive you wish to stop being indexed. If you find Time Machine is slowing down your system, you can always pause the back up till you are finished what you are doing. If you find it is a regular occurrence, you might want to think about using a USB external drive as your back up as this tends to be much faster.

Shut down/delete unused apps

Any apps you have running in the background will be using some of your systems resources, most apps will launch quickly, so there is no real reason to keep them open if you are not using them. You can quit them by either right –clicking on there icon in the dock and then click quit or by pressing the ⌘+Tab to bring up the app switcher, keep pressing the Tab key till you are on the app you want to quit then press ⌘+ Q. Unused apps will tie up disk space so its always best to get rid of them. To make use everything is completely removed you want to use something like AppZapper.

Restart you Mac regularly

Many of us, only ever restart our Macs if we have a problem. It’s always easier to close the lid and let your Mac Book Pro/Air sleep then boot it up. Restarting your Mac will help clear out its cache and will re-initialize hardware, so rebooting regularly can also have performance benefits. Modern Macs, especially those with an SSD installed, can boot almost as fast as they can from Sleep, If you Mac is running slow try and restart it and see if that helps. If you have to leave your Mac on it would recommend restarting it once every few days.

Turn off visual effects

If you have an old Mac, you might want to consider turning off the animations as they can have an effect on your systems performance, Go to System Preferences, then Dock, or choose Dock from the Apple menu if you are not on Yosemite. Uncheck the boxes marked ‘magnification’, ‘Animate opening applications’ and ‘ Automatically hide and show the Dock’. Click on the ‘Minimize windows’ menu and choose ‘Scale effect’.

Empty Safari Tab/clear cache

If you have a look at the Activity Monitor’s RAM tab you will probably see that the most intensive processes are the Safari Tabs. The more you have open, the bigger the performance hit will be. Close all the ones you are not using, try bookmarking the ones you might need again. Open Preferences from the Safari menu, if you are using a pre-Yosemite version of OS X, click Reset Safari in the safari menu, and choose Remove all Website Data, then Reset. In Yosemite, choose ‘Clear History and Website Data’ from the Safari menu and pick an option from the drop-down menu.

Reduce Log in Items and Restart

Log in items are those apps and processes that automatically start when you restart or log in to your account. They are often related to software you no longer need or use. Go to System Preferences, then Users & Groups, then Login items. You will want to click on the padlock at the bottom of the screen so you can make changes. Click on the first login item you no long need and then click on the ‘-‘ at the bottom of the window. Repeat this for all the other login items you don’t want to load at start up then restart.

Keep software up to date

Out-of-date software can sometimes cause performance problems. If the app was not downloaded through the App Sore, click on the application menu and then select ‘Check for Updates’ and download any if available. Now go to the App Store and click on updates and download them if any are available.

Share Button

Avoid dodgy Android Apps

Avoid dodgy Android Apps

Over the past few years there have been an increasing number of Android apps that don’t work as described or that can even pose a security threat to your phone or tablet. Below I will try to explain how to spot them and report them.

Do

Choose security apps from a known company.

Back in April, Google had to refund more than 30,000 customers who purchased the £2.38 fake anti-virus app Virus Shield, from developer Deviant Solutions. The app claimed to protect Android users from “harmful viruses, malware and spyware”, but it did nothing other than change from a red cross to a tick when you taped it. Apart from Google allowing the app to be sold in the Play store in the 1st place, the most worrying part of the story is how the Virus Shield app managed to reach a 4.7-out-of-5 user rating and was in the store’s Top New Paid Apps Chart!

Virus shield fooled more than 30,00 customers in to thinking it was a worthwhile app

Virus shield fooled more than 30,00 customers in to thinking it was a worthwhile app

So you don’t fall for a similar scam, its wise to stick with anti-virus apps from a well-known company. Most of the big names provide tools to help protect your android device from malware, like AVG, Avast and Comodo. Using these apps will help you be sure they will work properly and detect and remove infected files, and they are also regularly updated so they can combat the latest threats.

This does not mean you can always trust a name you recognise. Last month, Kaspersky found fake anti-virus apps imitating their products in both the Play and Windows Phone stores. Roman Uncheck, a Senior Malware Analyst at Kaspersky Labs said, “its quite possible that more and more of these fake apps will start appearing. One thing that’s for sure is that official stores cannot cope with these kinds of scams and need better security measures in place.

Don’t

Believe everything you read on Google Play

User reviews can be helpful when you are not sure about installing an app, especially one that you have to pay for. If you find an app that has mostly bad comments that suggest the app is slow, prone to crash or doesn’t work as described you will want to steer clear of these. Surely if an app has received five-star glowing reviews it must be good, even if you have never heard of them right? This is not always the case as is has become increasingly common for apps developers to buy fake reviews and ratings for their products on the Play and iTunes app store, much like the way you can pay and get thousands of fake Twitter followers.

Companies like BuyAppStore Reviews and BestReviewApp have masses of paid reviewers, who are selling their opinions, you can then buy in bulk to get positive feedback and download for your app. Buy AppStore Reviews have promised that “each of their reviews they provide will be given 4 or 5 stars”, they charge $19.99 (£11.95) for 10 ratings and five reviews to $74.99 (£44.80) for their Gold Promotion Pack of 50 ratings and 30 reviews. Another trick developers can use is to include a message in their apps, that will then encourage the user to give them five stars reviews in exchange for an in-app bonus.

Google is aware of this type of scheme and on its ‘fake Ratings and Reviews’ support page states “you should not attempt to influence your app’s ratings and reviews, by posting fake ratings or reviews”. Google has said that developers should not offer users rewards for giving positive reviews of their apps. “But it’s acceptable to ask users to rate the apps without giving them an incentive”.

The tell-tail signs to see if a review is real or paid for are: click on the reviewers name and see what else they have reviewed, look at the comments they have left, are they all identical if so this would indicate they have just cut and pasted the review especially if they use vague comments like: – “Great app, Just what I was looking for!” these type of comments are easy to repeat across most apps. Apps with higher ratio of reviews to ratings should raise your suspicions (only around 20% of users would rate an app but not bother to review it). Watch out for fake negative reviews and ratings, as spiteful developers are also using them to bring down their rivals’ averages.

If however you think you have found a false review hover your mouse over it and click the flag icon to mark it as spam. Games are the ones most likely to attract this sort of review, according to TechCrunch, so always take what you have read with a pinch of salt.

Do

Research unfamiliar app developers

Google play prides itself in having more of an ‘open’ app store unlike Apple, this means developers only need to certify apps themselves before they are made public. Apps that are made available for iOS will have to go through rigorous testing and be approved by Apple before they are allowed into Apple’s Store (but some questionable apps have still slipped through Apples testing process).

This makes Google’s Play store a grate way for 1st time-developers to showcase there apps, but it also means there is little quality control, other than Google’s Bouncer tool, which scans all submissions for malware.

To help reduce the risk of downloading a dodgy app you should always read the description carefully and look for signs like poor spelling and grammar (a professional developer will always proofread their submission carefully); vague details about what the app does; lack of screen shots; incorrect company logo. You should always click the developers name to see what else they might have made and the reviews they might have gotten.

Look for the top developer label as a mark of quality and reliability

Look for the top developer label as a mark of quality and reliability

Google labels their popular app creators as ‘Tip Developers’, but this does not always mean you should dismiss anyone who does not have a history of making apps. If you are ever in doubt, you could always contact the developer directly and ask for more information about the app, if its legitimate they won’t mind replying to help reassure you.

Don’t

Install apps from outside Google Play

There have been a fair share of dodgy apps hosted by Google Play in the last few years, Recent figures from cyber-security firm Opswat found that a third of all Android apps outside the Play store were infected with malware, while two-thirds could be regarded as “suspicious”, this also included repackaged versions of popular apps like Angry Birds and Twitter.
To help stop risky apps being installed on your Android phone or tablet, go to: Settings, Security and Swipe to ‘Unknown sources’ and untick ‘Allow installation of apps from sources other than the Play store’.

You should also make sure that ‘Verified Apps’ is ticked, doing this will help to warn you about potentially dangerous apps, but this is not a substitute for a dedicated mobile security app. The problem with blocking everything from outside of the Play store is you then cant install apps that are safe but Google objected to, the most notable one being Adblocker Plus, which was pulled last year from the Google play store, you can still install it from its website. Android will not let you block some apps but let other pass, so it’s a case of all or nothing.

You can only install Adblock Plus by allowing apps from unknown sources.

You can only install Adblock Plus by allowing apps from unknown sources.

Do

Check permissions before and after installing

List of Permissions Gmail Requires

List of Permissions Gmail Requires

The permissions required by some Android apps can sound a lot more alarming than they are, but some do go beyond what we expect, apps that require “full internet access” or to be able to “Directly call phone numbers” for no obvious reasons should set your alarm bells ringing. This is especially true when an app requests that you update it manually, so it can add a new permission.

When you install an app from Google Play, it will ask for permissions so you can decide if you want to still install it. If you want to check the permissions apps have on your device, go to settings, Apps and select an app, Swipe to permissions section and press one to read more about it.

You can always use F-Secure App Permissions to review all the app on your device and the permissions they have, so you can see which ones might cost you money, use your current location, see all your personal info and can make changes to your system settings. Unfortunately you can’t revoke permissions (at least, not on a non-rooted device), but if you are not happy with the permissions an app has you can always uninstall it.

Do

Request refunds for rubbish apps

In the past, if you bought an app from the Play Store and it was a letdown, you only had 15 minutes to claim a full refund, this is still what Google has on its ‘Return paid apps and games’ page and in the box that opens when your buy an app.

The Android Police did some research and discovered Google had quietly changed its returns policy, by extending the time limit for an app refund from 15 minutes to 48 hours, Google also issue the refunds themselves rather than passing the option to the developer. Once you have been granted a refund the app will disappear from your device.

You might still be able to get a refund after 48h, but there would need to be a good reason why. Google covers the cost of the refunds themselves, protecting developers from lost sales. Following the embarrassment of the fake Virus Shield app, Google offered every one that purchased the add $5 (£2.99) to spend in the Play store as well as a full refund, but please don’t expect this for ever bad app in the Play Store!

You have more than 15 minutes to claim an app refund, despite what the Play store states

You have more than 15 minutes to claim an app refund, despite what the Play store states

Share Button