How to spot fake Android apps
Posted on 16.12.2011
In the wake of the news that Google has again been removing Premium SMS fraudulent apps masquerading as popular games from its the official Android Market, TrendMicro's Kervin Alintanahin has decided to share a few tips on how to detect apps that might not be legitimate and - what's worse - downright malicious.

First, it pays to know who the developers behind the most popular apps (especially games) are. If you are aware that, for example, the developer of Angry Birds is Rovio Mobile, the fact that other developers offering a game named the same or an app purporting to be an addition for the game should make you suspicious.

"Users can also check the developerís profile for other apps. Google also offers developer ratings, as well as the status 'Editorís Choice' that can further validate the developerís legitimacy," he says. "The same goes for other information on the appís web page, such as the appís icon and name. If somethingís seems amiss, then itís probably better to skip downloading it."

Then, check the number and the quality of the reviews. A small number of very short and generic reviews for an extremely popular game is a sure sign that something is amiss.

Finally, check other sites for reviews of the app you're thinking of downloading. "Getting more feedback, preferably from different sources will definitely help verify the appís quality," he points out. "This is very important especially since cybercriminals will also most likely try to fool users through feedback. They can post misleading reviews and give inaccurate ratings to trick the users into thinking that a particular app is legitimate."


More than 900 embedded devices share hard-coded certs, SSH host keys

SEC Consult analyzed firmware images of more than 4000 embedded devices of over 70 vendors and found that, in some cases, there are nearly half a million devices on the web using the same certificate.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Nov 30th