There is an ongoing debate about the security of Google Android versus Apple iOS. The contention has been that with the controlled environment of Apple iOS, you cannot just install any program without going through the Apples Store. Lately, this has been proven to be false as a slew of fake apps have found their way in both iOS and Android.
The news about more than a hundred fake shopping apps on the Apple Store may come as a surprise for some. However, when you look at it from a different perspective, it was just a matter of time for fake apps to appear.
The Strength of iOS and Android
With a controlled environment, it was hoped that apps could be filtered and that malware would be weeded out. This may be true of the operating system. Both iOS and Android are supposed to be secure operating systems. The only way for any software to gain entry would be if it were intentionally allowed entry. That is if the user installed the app.
This would have taken several steps, not the least of which was the actual download, setup, and install, as well as giving rights for the program to write to the operating system. Both operating systems closed the door to the last item. These OS do not allow any software just to write to the system areas or overwrite any system program.
On the other hand, they are still vulnerable to trojan horses. These are apps which appear innocuous but are malware. The fake apps which have grown rampant lately were all Trojan horses. The malware were all included in the Apple Store and Google Play. Unsuspecting users would be able to install these apps in the same way that they would be allowed to install regular programs.
Not a Strict Gatekeeper
The Apple Store has always prided themselves that they filter the apps on the Apple Store. However, for some reason, these fake apps were included in the listing. The same is true of Google Play. There have been fake apps included in the mix of bona fide apps.
One of the reasons for the decreased vigilance is the sheer volume of new apps. With new developers and vendors wanting to sell via apps, there is just too many of them to be screened properly. Also, new vulnerabilities in the application process may have been used by these fake app developers.
Both Google and Apple have taken note of the fake apps in their stores and have taken steps to prevent their listing. They have also started investigating these apps and how they were able to get into the store. These are ongoing measures, and it would take some time to rid the stores of these fake apps.
Risks and Rewards for Fake Apps
There’s a lot at stake for the fake app developers. For one, there are more users and shoppers online. For another, the volume of sales has been increasing and will continue to increase in the coming days. Fake apps have these as their rewards. When the fake shopping apps are used, they would be able to sell their products, but they might not deliver them. Or another scenario would be that these are real online stores, but are trying to spoof big name brands.
For fake stores, these would be stealing money from buyers. Alternatively, they could be channels for phishing. The users would not know that they are giving away their usernames, passwords, PayPal accounts, or credit/debit card information. There have also been cases of Facebook accounts being hijacked and the information harvested. This identity theft can be an invaluable resource for criminals who trade in online identities.
Just as bad are fake shopping apps which look like the real shops. They may even be selling real products, but there is no guarantee that they would deliver the real goods. The items on their online storefront might be fake, or even non-existent. This is almost as bad as fake apps which are phishing for information.
For the fake app developers and phishers, the risks are relatively small compared to a large number of users on these stores. Not all users are as vigilant as they should be. For any single victim of credit card fraud, the amount that can be stolen can be large.
In Time for the Holidays
What is obvious is that these apps are increasing in number and they are all aimed at the holiday crowd. The big chunk of the annual sales of any retail company is during the last two months of the year. This is a big opportunity for criminals to cash in using fake apps to cheat customers.
What is worse about this identity theft and phishing is that the perpetrators will not be content at just stealing during the holidays. If they can capture your online identity or your credit card information, they can purchase anything, or they can even withdraw money in your name. Transferring money can be done easily, and once that is done, it can be forwarded or withdrawn almost immediately, and the trace disappears from there.
When in Doubt
There are a lot of ways to protect yourself from fake apps and other malware. For one, you should make doubly sure that the app you are installing is genuine. When in doubt, send an email to Google or Apple support. For another, you can check out the app’s website. The growing and irreversible trend are to go online for shopping, and any advice to stop doing so would be useless. You can try to shop at established online shops like Amazon or Barnes and Noble. However, if there is a choice or if you have lost trust in online shops, then you have no choice but to go to a physical brick-and-mortar store.