Ah, the holidays! With hopes for a festive holiday season just around the corner, everyone wants to make it easier for you to shop for amazing gifts for those special people in your life. Including, it seems, scammers, who want to trick you into downloading fake apps from very real brands.
Over the past month, there has been a significant increase in the number of counterfeit apps in the Apple App Store that appear to be authentic, from stores ranging from luxury brands such as Christian Dior and Jimmy Choo all the way to discount stops such as Dollar Tree. These listings, however, are not the retailers' official apps; they lead instead to apps that range from the annoying to the malicious.
In some, the user is asked to provide Facebook login information or credit card data, exposing them to financial and personal security risks. Others carry malware that could turn their iPhone into an information sieve, giving a bot access to all of one’s virtual life.
Who is to blame?
So, who’s behind the latest attempt to defraud you?
The New York Times names the chief culprit as a company called Cloaker. Cloaker, based in China, provides the technology that undergirds thousands of apps found in the Apple App Store, but does not look into the veracity of what its clients are asking it to create.
Speaking to The New York Times, Jack Lin, the ostensible founder of Cloaker, commented that, “We hope that our clients are all official sellers. If they are using these brands, we need some kind of authorization, then we will provide services.” Although Mr. Lin’s words may sound soothing, take into consideration that Cloaker’s website makes many far-fetched claims, such as the branch office it says it keeps in the middle of Facebook’s headquarters in Menlo Park, Calif.
What is Apple doing?
“[W]e take…security very seriously,” said an Apple spokesman, Tom Neumayr, speaking to The New York Times. “We’ve set up ways for customers and developers to flag fraudulent or suspicious apps, which we promptly investigate to ensure the App Store is safe and secure. We’ve removed these offending apps and will continue to be vigilant about looking for apps that might put our users at risk.”
Apple’s vigilance aside, the App Store is besieged daily by an influx of new fake apps. When it comes to Apple’s review of submitted apps, the problem is one of scale.
With literally thousands of apps submitted to iTunes on a daily basis, Apple has made the choice to scan for software that may contain malicious code, rather than looking at apps individually to see if they are connected to the brands that they purport to represent.
Once the app has passed the initial phase of Apple’s scrutiny on its submission to the App Store, developers have been known to then alter the content inside the app, or simply overwhelm the App Store by changing their bona fides and resubmitting similar apps to those detected as fakes. Some of the developers have been known to utilize Apple’s systems against it, using the paid search ad feature to place their fake app higher in the results screen than the actual item itself.
So, how do you protect yourself?
Spelling counts: You’d think that a company would take the time to spell its brand name correctly, and you’d be right. Many of these counterfeit apps have names that are misspelled or otherwise appear slightly wonky compared to the official branding. There are other signs of problems beyond the names, too. The menus and support services may not be in standard English, or may fall short of the professional grammar and spelling that one can reasonably expect of an authentic brand app.
They appeared out of thin air: While everyone has to start somewhere, you should expect authentic apps to have reviews that have the air of authenticity to them. Many of these fakes have either no review history or one that looks cut-and-pasted, with a 5-star rating and the same comments on review after review. Also, many of these counterfeits do not have a history of prior versions or updates.
First isn’t always best: As we discussed, with many counterfeiters using the Apple paid search feature to boost themselves to the top of the results, being at the top isn’t a sure sign of authenticity.
Ultimately, although Apple means well and is quick to respond to complaints, it is up to you as the consumer and the brand itself to police the App Store and to report signs of fraudulent behavior. While the holidays ought to be the season for being jolly for everyone, make sure that it’s only those who didn’t make the naughty list who get to enjoy them.