Avoid dodgy Android Apps
Over the past few years there have been an increasing number of Android apps that don’t work as described or that can even pose a security threat to your phone or tablet. Below I will try to explain how to spot them and report them.
Choose security apps from a known company.
Back in April, Google had to refund more than 30,000 customers who purchased the £2.38 fake anti-virus app Virus Shield, from developer Deviant Solutions. The app claimed to protect Android users from “harmful viruses, malware and spyware”, but it did nothing other than change from a red cross to a tick when you taped it. Apart from Google allowing the app to be sold in the Play store in the 1st place, the most worrying part of the story is how the Virus Shield app managed to reach a 4.7-out-of-5 user rating and was in the store’s Top New Paid Apps Chart!
So you don’t fall for a similar scam, its wise to stick with anti-virus apps from a well-known company. Most of the big names provide tools to help protect your android device from malware, like AVG, Avast and Comodo. Using these apps will help you be sure they will work properly and detect and remove infected files, and they are also regularly updated so they can combat the latest threats.
This does not mean you can always trust a name you recognise. Last month, Kaspersky found fake anti-virus apps imitating their products in both the Play and Windows Phone stores. Roman Uncheck, a Senior Malware Analyst at Kaspersky Labs said, “its quite possible that more and more of these fake apps will start appearing. One thing that’s for sure is that official stores cannot cope with these kinds of scams and need better security measures in place.
Believe everything you read on Google Play
User reviews can be helpful when you are not sure about installing an app, especially one that you have to pay for. If you find an app that has mostly bad comments that suggest the app is slow, prone to crash or doesn’t work as described you will want to steer clear of these. Surely if an app has received five-star glowing reviews it must be good, even if you have never heard of them right? This is not always the case as is has become increasingly common for apps developers to buy fake reviews and ratings for their products on the Play and iTunes app store, much like the way you can pay and get thousands of fake Twitter followers.
Companies like BuyAppStore Reviews and BestReviewApp have masses of paid reviewers, who are selling their opinions, you can then buy in bulk to get positive feedback and download for your app. Buy AppStore Reviews have promised that “each of their reviews they provide will be given 4 or 5 stars”, they charge $19.99 (£11.95) for 10 ratings and five reviews to $74.99 (£44.80) for their Gold Promotion Pack of 50 ratings and 30 reviews. Another trick developers can use is to include a message in their apps, that will then encourage the user to give them five stars reviews in exchange for an in-app bonus.
Google is aware of this type of scheme and on its ‘fake Ratings and Reviews’ support page states “you should not attempt to influence your app’s ratings and reviews, by posting fake ratings or reviews”. Google has said that developers should not offer users rewards for giving positive reviews of their apps. “But it’s acceptable to ask users to rate the apps without giving them an incentive”.
The tell-tail signs to see if a review is real or paid for are: click on the reviewers name and see what else they have reviewed, look at the comments they have left, are they all identical if so this would indicate they have just cut and pasted the review especially if they use vague comments like: – “Great app, Just what I was looking for!” these type of comments are easy to repeat across most apps. Apps with higher ratio of reviews to ratings should raise your suspicions (only around 20% of users would rate an app but not bother to review it). Watch out for fake negative reviews and ratings, as spiteful developers are also using them to bring down their rivals’ averages.
If however you think you have found a false review hover your mouse over it and click the flag icon to mark it as spam. Games are the ones most likely to attract this sort of review, according to TechCrunch, so always take what you have read with a pinch of salt.
Research unfamiliar app developers
Google play prides itself in having more of an ‘open’ app store unlike Apple, this means developers only need to certify apps themselves before they are made public. Apps that are made available for iOS will have to go through rigorous testing and be approved by Apple before they are allowed into Apple’s Store (but some questionable apps have still slipped through Apples testing process).
This makes Google’s Play store a grate way for 1st time-developers to showcase there apps, but it also means there is little quality control, other than Google’s Bouncer tool, which scans all submissions for malware.
To help reduce the risk of downloading a dodgy app you should always read the description carefully and look for signs like poor spelling and grammar (a professional developer will always proofread their submission carefully); vague details about what the app does; lack of screen shots; incorrect company logo. You should always click the developers name to see what else they might have made and the reviews they might have gotten.
Google labels their popular app creators as ‘Tip Developers’, but this does not always mean you should dismiss anyone who does not have a history of making apps. If you are ever in doubt, you could always contact the developer directly and ask for more information about the app, if its legitimate they won’t mind replying to help reassure you.
Install apps from outside Google Play
There have been a fair share of dodgy apps hosted by Google Play in the last few years, Recent figures from cyber-security firm Opswat found that a third of all Android apps outside the Play store were infected with malware, while two-thirds could be regarded as “suspicious”, this also included repackaged versions of popular apps like Angry Birds and Twitter.
To help stop risky apps being installed on your Android phone or tablet, go to: Settings, Security and Swipe to ‘Unknown sources’ and untick ‘Allow installation of apps from sources other than the Play store’.
You should also make sure that ‘Verified Apps’ is ticked, doing this will help to warn you about potentially dangerous apps, but this is not a substitute for a dedicated mobile security app. The problem with blocking everything from outside of the Play store is you then cant install apps that are safe but Google objected to, the most notable one being Adblocker Plus, which was pulled last year from the Google play store, you can still install it from its website. Android will not let you block some apps but let other pass, so it’s a case of all or nothing.
Check permissions before and after installing
The permissions required by some Android apps can sound a lot more alarming than they are, but some do go beyond what we expect, apps that require “full internet access” or to be able to “Directly call phone numbers” for no obvious reasons should set your alarm bells ringing. This is especially true when an app requests that you update it manually, so it can add a new permission.
When you install an app from Google Play, it will ask for permissions so you can decide if you want to still install it. If you want to check the permissions apps have on your device, go to settings, Apps and select an app, Swipe to permissions section and press one to read more about it.
You can always use F-Secure App Permissions to review all the app on your device and the permissions they have, so you can see which ones might cost you money, use your current location, see all your personal info and can make changes to your system settings. Unfortunately you can’t revoke permissions (at least, not on a non-rooted device), but if you are not happy with the permissions an app has you can always uninstall it.
Request refunds for rubbish apps
In the past, if you bought an app from the Play Store and it was a letdown, you only had 15 minutes to claim a full refund, this is still what Google has on its ‘Return paid apps and games’ page and in the box that opens when your buy an app.
The Android Police did some research and discovered Google had quietly changed its returns policy, by extending the time limit for an app refund from 15 minutes to 48 hours, Google also issue the refunds themselves rather than passing the option to the developer. Once you have been granted a refund the app will disappear from your device.
You might still be able to get a refund after 48h, but there would need to be a good reason why. Google covers the cost of the refunds themselves, protecting developers from lost sales. Following the embarrassment of the fake Virus Shield app, Google offered every one that purchased the add $5 (£2.99) to spend in the Play store as well as a full refund, but please don’t expect this for ever bad app in the Play Store!