RiskIQ researchers have been monitoring over 120 mobile app stores around the world, and based on their findings, they advise users to be on the lookout for three suspicious things when evaluating the legitimacy of an app:
“If an app’s permissions are not congruous with the functions it claims to provide, you should be suspicious. For example, does an app really need access to your phone calls, SMS messages, or billing to serve its purpose?” the pointed out.
App developers using free email services
Developers of malicious apps also often list contact email addresses opened with free email services such as Hotmail, Gmail, and Yahoo!
“Consumers are advised to be aware of who they expect the app to come from, and verify that the contact of the app they’re downloading is legitimate. For instance, the contact for an app purporting to be from a well-known brand will not be ‘firstname.lastname@example.org.’”
Another thing that should make users suspicious is when there is no contact email listed. An online search for the developer based on the information that is provided and a critical evaluation of the results should be a must before even thinking about downloading the app.
Poor and/or slapdash app descriptions
Numerous downloads and good reviews are not an indication that the app is surely legitimate.
“Rave reviews can be forged, and a high amount of downloads can simply indicate a threat actor was successful in fooling victims,” the researchers noted.
Users would do well to look at the app’s description: poor grammar and nonsensical exposition could, of course, be an indication that the developer is not familiar with the language, but it’s also one of the hallmarks of mobile malware campaigns.
Mobile malware makers are quick to exploit trending topics
Popular games, holidays, current events, and important dates are often exploited. For example, in August and September the “back to school” theme begins trending and, right on queue, it is being taken advantage of.
By searching for “back to school” apps, RiskIQ researchers have found 9,343 apps on app markets that fit the description. Of these, 1,182 (12.7%) are detected as harmful by RiskIQ and/or one or more antivirus vendors.
“We found that the Google Play Store, which has a relatively good reputation but led app stores in total blacklisted applications in Q2, hosts 333 of the blacklisted ‘back to school’ apps,” they noted.
“The fact that thousands of these apps are live in popular stores like Google Play goes to show that consumers are largely left to their own discretion when determining if an app is safe.”