How to identify malicious apps on Google Play Store

As the number of apps on the Google Play Store continues to grow, with an average of 3,700 apps added every day, it can be challenging for users to ensure the apps they download are legitimate and safe. Unfortunately, not all apps on the Google Play Store are trustworthy, and some are designed to steal personal information or commit fraud. 

At MCP, we understand the importance of keeping mobile devices and transactions secure. Our anti-fraud platform protects consumers and businesses by identifying and blocking non-human behaviour. Recently, we discovered a fraudulent app called “Galaxy Live Wallpapers” and decided to share some tips on how to identify malicious apps on the Google Play Store. 

12 tips for identifying malicious apps 

Here are a few things you can look out for when trying to identify malicious apps on the Google Play Store: 

1. Check the app’s permissions

When downloading an app from the Play Store, users should pay attention to the permissions the app is requesting. While some permissions are necessary for the app to function correctly, others may be unnecessary and raise red flags. Be wary of apps that ask for excessive or unnecessary permissions. If an app is asking for permissions that don’t make sense for its stated purpose, it could be a sign that it’s malicious. For example, an app that asks for access to contacts, phone status, or network connectivity without a clear reason should be avoided. 

2. Look at the app’s reviews

Another important factor to consider is user reviews. While reviews can be a great source of information, they can also be misleading, so users should be aware that some people are paid to write positive reviews. Users should look for reviews that mention fake offers or excessive advertisements, as these apps are more likely to engage in malicious activity. In addition, developers who respond to user feedback and support tend to be more trustworthy.

3. Number of installs

The number of user installs can be a useful indicator, but it’s not always reliable. Some malicious apps can have a large number of installs and reviews. Therefore, it’s important for users to consider the ratio of installs to reviews. 

4. Check the app’s age

Newer apps have less time to accumulate negative reviews or be reported as malware, and some malware lies dormant for a period of time before it attacks. If you don’t need the app straightaway, wait for a bit and monitor reviews and installs before downloading.  

5. Activate Google Play Protect

Make sure you have activated Google Play Protect, most Androids come with it already installed. It runs a safety check on apps from the Google Play Store before you download them. It also periodically scans the entire system for rogue viruses on all installed apps; make sure scanning is turned on in the Biometrics and Security section of your device’s settings. You can also download other mobile antivirus apps to provide more protection. 

6. Check the app’s developer

Often developers are unaware that their app contains malware, they can be victims of cybercriminals just like the device owner. However, there are dishonest developers out there so it’s worthwhile checking them out. Verify that the developer appears legitimate by reading reviews for the developer on Play Store, visiting their website, looking at reviews for other apps by the same developer and checking out their social media for customer feedback.

7. Look for red flags in the app description 

Pay attention to the app description and look for red flags such as spelling or grammatical errors, vague or generic information, or a lack of details about the app’s functionality.

8. Check the app’s developer email  

Developers should have an email address listed on their app’s page on the Google Play Store. Users can check if this email is legitimate and whether it belongs to the app’s official developer.

9. Inspect the app’s code 

If you’re familiar with coding language and programming, or know someone who is, have a look at the app’s code to see if there are any suspicious elements. For example, if the app requests unnecessary permissions or uses a third-party library that is known to be associated with malware, it’s likely that the app is malicious.

10. Check the app’s website  

Developers often have a website associated with their app, which can be found on the app’s page on the Google Play Store. Users can check if the website is legitimate and whether it contains information about the app’s functionality and the developer’s contact details.

11. Utilise additional mobile security apps 

There are a variety of mobile security apps that can help users identify malicious apps. These apps can scan apps for malware, detect suspicious behaviour, and alert users when an app is potentially dangerous.

12. Be vigilant of apps that ask for sensitive information 

If an app is asking for sensitive information like passwords, credit card details or sensitive personal information, it is more likely to be malicious. Users should be cautious about providing sensitive information and stick to apps that are from well known and reputed developers and companies. 

These are some general guidelines to follow, but it’s important to remember that no method is foolproof and malicious apps can still slip through the cracks. Always use caution when downloading apps, and if an app seems suspicious, it’s best to avoid it. 

In the case of the “Galaxy Live Wallpapers” app, the malware was designed to open an offer on a website within the app, complete the offer and validate the paid subscription without the user’s consent: leading to a subscription the user never requested and harm to the mobile operator’s and the CSPs reputation. 

How MCP helps MNOs and CSPs protect their customers from malware 

We hope that the tips we’ve shared above will help users make more informed decisions when downloading apps on the Google Play Store, and ultimately keep their devices and personal information secure. Please share these tips with your customers to help them stay safe. 

At MCP, we continuously test and validate potential issues coming from websites or malicious applications to protect our clients. MCP provide a comprehensive solution to help mitigate the risk and harm of malicious apps, this includes fraud detection, compliance and media monitoring solutions. In case you are looking for a solution, don’t hesitate to contact us.

related posts

Building a Secure and Trustworthy Mobile Payments Ecosystem

Following a recent MEF webinar discussing fraud in the mVAS/DCB space, here we share why collaboration is the key to protecting customers and the value chain.

Telecoms World Middle East 2024

Book a meeting with MCP Insight at 8.1 LIVE to explore how we can protect your mVAS/DCB business and grow revenue.

Cookie Consent Pop-ups on mVAS Advertising Flows

Cookie consent pop-ups are appearing on mVAS advertising flows after several EU data protection supervisory authorities issues new guidance. Here we explore how to minimise any negative impact and ensure compliance.