Mobile apps are where e-commerce dollars are at right now, and fraudsters are taking notice. Industry reports indicate that fraudulent transactions from mobile apps have increased by a whopping 300% since 2015.
In this article, we take a look at fraudulent/ fake apps, their distribution and the danger they pose to your customers, and how you can protect your brand and business.
What are rogue mobile applications?
They are unauthorized Android or iOS apps which mimic the logo, branding and functionality of legitimate businesses in order to scam unsuspecting consumers into downloading the fake apps onto their mobile devices. FraudWatch International reports that it is not uncommon to see several hundred iterations of the same fake mobile apps created, netting their creator’s significant revenue. Once installed the applications are programed to carry out several different malicious actions depending on their design:
As the name suggests, this app does absolutely nothing. When a consumer pays to download the fraudulent app (which is nothing more than a convincing façade), the fraudster pockets the money.
Apps packed with Adware
Other fake apps contain adware, automatically flooding the unsuspecting user with hundreds of pop up ads to gain access to lucrative advertising revenue. Often these fake apps have a cloaking feature built into their code, meaning the app doesn’t create a shortcut icon on the home screen, making finding and uninstalling it very difficult.
Most dangerous are the apps which infect the device with malware used to harvest personal information and sensitive financial data. Such is the level of sophistication behind these malicious apps, many are capable of obtaining the brand, model and unique ID of the device upon which they are installed; even its physical location.
Distribution of malicious apps
While the majority of fraudulent apps are usually found on third-party websites, don’t make the mistake of assuming an app on Google Play, iTunes Store or the App Store is legitimate. FraudWatch International recently discovered that an unauthorized app, created using a client’s branding, was successfully hosted on Google Play. While Google Play Protect exists to catch these malicious apps, it does not make this platform immune to fraudulent activity, and it’s clear that the script being used by scammers is sophisticated enough to slip past security measures undetected.
How did it happen? Until recently, the process of having an app approved for sale on a platform like Google Play or the App Store was a lengthy and mostly manual process. In a bid to speed up release cycles, the app stores have simplified and automated the process of approving the sale of apps on their platforms; scammers have found this faster, simpler process much easier to exploit.
The risk to your business
Your brand IS your business, and fraudulent use of logos and branding can result in significant damage to the image and reputation of an organization if associated with malicious activity. In addition to this, the financial implications of mobile application malware infection can be substantial. Not only is your business losing out on immediate revenue through the downloading of fake copies of your genuine mobile app, the loss of consumer trust once the fraud is discovered is lasting, and takes time to recover.
It starts with prevention
Prevention is better than cure when it comes to malware protection, and protecting your mobile app from fraudulent activity is no different. FraudWatch International’s Mobile Apps Security services can help you to put a strategy in place to secure your business against malicious threats in the mobile sphere.
In the event that you do not have such a strategy in place and believe your mobile app has been fraudulently replicated, early detection is key. In the example referenced above, FraudWatch International was able to work with Google Play to remove the unauthorized app, preventing further downloads by unsuspecting consumers. Don’t put your business at financial and reputational risk by thinking it will never happen to you; click here to speak with FraudWatch International today about their Mobile Apps Security service, and protect yourself and your valued customers from a malicious threat.