Hot topics

How to spot fake apps on the Google Play Store

AndroidPIT new apps 1
© nextpit by Irina Efremova

It seems that with every year, the number of malicious or misleading apps on the Play Store increases. Google is often quick to take action and remove them, but they're still a long way from providing a quality defense against malware. In this article, we’ll try to define some basic principles that should help avoid malware-ridden applications.

The Play Store has become an ugly place. It was once a great resource. Does your phone need a new feature? Okay, just go to the Play Store, try out some apps and you’ll be able to solve your problem. Nowadays, it’s not so easy. Scammers can falsify positive ratings, buy a high ranking, and sometimes outright plagiarize other apps.

Google for the most part still relies on purely automated forms of quality assurance. Algorithms analyze new apps and updates of known code fragments or behavioral patterns, much like an anti-virus on Windows computers. If an automatic alarm is signaled, the app will likely be sent back to the developer.

The system ensures that 99 percent of all malicious apps don’t reach users via the Play Store, or that’s at least what Google stated in an old blog post. The algorithms have become a bit smarter thanks to machine learning. At this point, they are able to detect fake identities, inappropriate content, and new types of malware.

Creators of malware are better organized

In 2017 examples such as SonicSpy demonstrated that malware creators and networks are literally bombarding the Play Store. Google now recognizes “repeat offenders and abusive developer networks" and has already banned 100,000, which has made it more complicated to create a new developer account. However, there are still cases where they manage to slip through. In 2018, half a million users downloaded malware posing as driving games. more cases have been found in 2019 too.

But how do I recognize bad apps?

Flashlight apps are obsolete

Certain apps and games are particularly vulnerable to abuse. Flashlight apps, in particular, have benefited from users’ careless habits. Usually, users are informed of the app’s permissions before installation, although since 2015 they are sometimes only informed once they've started using it. A while ago there were a large number of flashlight apps that also wanted to be able to send an SMS. Enough users accepted this obviously fraudulent permission and got caught in a trap. The flashlight app could then send premium SMS messages and earn money for the app developers.

play store bad apps 2
Certain app categories are particularly susceptible to fraud. / © NextPit

At the same time, most flashlight apps actually only need camera permission. This makes sense because the LED connected to the camera is controlled via the camera permission. However, not all users know that a flashlight app has already been given to them. It’s probably already in your smartphone’s Quick Settings. Just pull your finger down from the top of the screen and look for the small flashlight silhouette.

P9 quick settings
The flashlight is already integrated into the Quick Settings of most Android smartphones, which makes these apps unnecessary. / © NextPit

If you install a flashlight app anyway, it will probably interrupt its actual function with several commercial breaks. Advertising in apps is tolerable to a certain extent, but the added value that the app provides must be commensurate with the number of advertising interruptions. With such a superfluous app, there is no reason to tolerate advertising.

Booster and cleaner apps are inherently useless

If your memory is full, your phone is slow or the Wi-Fi isn’t good enough, there are well-established solutions to your problems. The Play Store won’t provide any answers. We have an article on each of these topics, as they’re among the most common problems with smartphones. Other media have also written very good reports on this.

App creators, however, have found successful ways to profit by creating completely useless and sometimes harmful apps in the Play Store.

play store bad apps 1
Have you ever downloaded a battery and charged your phone? DU apps claim they can do it. / © NextPit

Optimization apps are making a profit out of your desperation. Whatever they say works must be able to help your battery. Cheetah Mobile was able to record several hundred million downloads doing this, and the boss of the company has twice stated outright that the app is no good.

The reason is that apps can't work miracles. Android has a so-called sandboxing principle. Each app works in its own capsule and must not interfere with the system in any way that could prolong battery life. In this respect, we have already been provided the optimizations by Android and the smartphone manufacturer.

However, poor performance is often due to the fact that an app consumes a lot of energy. If this is the case, you should identify the app and just uninstall it. You can probably find a more economical alternative to it, which leads us to the next problem...

Copies and counterfeits pretend to be alternatives

While looking for popular games like Solitaire, Tetris, or Bubble Poppers I recently noticed it again: it is practically impossible to search for apps with the Play Store's search tools, because:

  • You can’t hide apps with advertisements or in-app purchases.
  • The average score is worthless because it can be generated by click farms.
  • It is rarely explained why the app requires certain permissions.
  • You never know whether in-app purchases are a one-time thing or recurring as well as what they'll provide you.

And even worse, the apps rarely offer what you expect. Most Bubble Poppers end up being just a loot box system with pointless in-app purchases.

bubble witch saga 2
In the Bubble Witch 3 Saga, the virtual witch's cottage will cost you extra. / © NextPit

Most games are good for the first few minutes. With some luck, they’ll be easy to play for a few hours. And then suddenly they’re asking for cash. If they stuck with a one-time in-app purchase that would unlock all the remaining levels like in Super Mario Run and then never asked for money again, everything would be fine. Yet, a lot of games drive you into virtual bankruptcy, which could cost you a lot of money in real life.

Check what apps are allowed to do

Since fakes are becoming smarter and better at posing as regular apps, it's a good idea to check exactly what they are allowed to do. You don't need to be tech-savvy or an Android expert to do so. If you want to make sure that the game your child just downloaded on your phone, for example, is not malicious, go to your phone's Settings menu. From there open Apps and find the app in question.

Screenshot 20190111 172202 Settings
You will find detailed info about an app's activity in your settings. Note: the app in the picture is not malicious, it was picked at random for the screenshot. / © NextPit

You will be able to check how much mobile data, storage, and RAM the app is using, as well as what permissions it has. Tapping on Mobile data will also reveal if the application is allowed to use data in the background. If an offline game, for example, has used background data, that's a good indication that something shady might be going on (unless you have mobile data updates). It's not a foolproof method of catching malware by any means, but it's never a bad idea to be informed about what apps are allowed to do on your device.

What makes a good app?

A reasonable app will explain to you at the beginning if you have to pay for anything. Google has placed small references to ‘In-app purchases’ right next to the download button. In the app descriptions below, you can see an app’s price range.

in app purchases
Unfortunately, Google doesn't list you what you can actually buy as an in-app purchase. / © NextPit

There are issues with both permissions as well as advertising. The developer should ideally justify the necessary permissions in the description of the app (like in Threema, for example). They have to be explained in accordance with the app’s functions. A flashlight shouldn’t need to send SMS messages and a Bubble Popper shouldn’t need access to your camera or microphone, let alone your contact list.

Google should more precisely identify ads: are they just small banners on the edge or are they full-screen ads? Are there videos or just static content? In the worst case, the advertisements steal the screen for several seconds or cause you to accidentally press on them and waste precious data. Does the app actively encourage you to press on ads to get bonuses? Don’t let them exploit you!

Conclusion: app research is about having the right information

The list of things to consider hasn’t become any shorter in recent years. App creators with deviant motives to make profits are becoming smarter at the same rate as Google’s anti-malware team. So the user still has to be incredibly careful with banal things like finding the right Solitaire app for Android until things improve.

What's your story? Have you ever fallen into a bad advertising trap? What do you pay attention to when searching for new apps? Or have you given up completely and only install apps that you already know?

The current best Samsung phones to buy

  Editor's choice S23 with a bigger display 2023 flagship 2023 foldable flagship 2022 fodlable flagship 2023 compact foldable 2022 compact foldable Affordable flagship The popular mid-ranger
Image Samsung Galaxy S23 Ultra Product Image Samsung Galaxy S23+ Product Image Samsung Galaxy S23 Product Image Samsung Galaxy Z Fold 5 Product Image Samsung Galaxy Z Fold 4 Product Image Samsung Galaxy Z Flip 5 Product Image Samsung Galaxy Z Flip 4 Product Image Samsung Galaxy S23 FE Product Image Samsung Galaxy A54 Product Image
Review: Samsung Galaxy S23 Ultra
Review: Samsung Galaxy S23+
Review: Samsung Galaxy S23
Review: Samsung Galaxy Z Fold 5
Review: Samsung Galaxy Z Fold 4
Review: Samsung Galaxy Z Flip 5
Review: Samsung Galaxy Z Flip 4
Not yet tested
Hands-on: Samsung Galaxy S23 FE
Review: Samsung Galaxy A54
  • $1,199.99
  • $999.99
  • $799.99
  • $1,799.99
  • $1,799.99
  • from $999.99
  • $999.99
  • $699.99
  • $449.99
Go to comment (11)
Eric Ferrari-Herrmann

Eric Ferrari-Herrmann
Senior Editor

Eric has been with AndroidPIT since 2014. He’s writing articles and reviews for the German website. Topics are mostly privacy and new technology but there's also the occasional piece on environmental sustainability.

To the author profile
Liked this article? Share now!
Recommended articles
Latest articles
Push notification Next article
Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing

  • 5
    Zeeshan_sid Mar 21, 2020 Link to comment

    Good article, I found two malicious app in my phone.

  • 7
    berry johnson Mar 20, 2020 Link to comment

    I always check app/game ratting and reviews before installing any app or game. Which also helps to make 95% right decision.

  • marco sarli 39
    marco sarli
    • Admin
    Mar 19, 2020 Link to comment

    I am not able to review apps because I use Gsuite (and pay for it) and if you use it you can not review and nobody has an explanation for this. Better so I guess as I woud constantly be posting bad reviews.

  • Dean L. 34
    Dean L. Mar 19, 2020 Link to comment

    yeah the play store is becoming a swamp with all of the ones that have dishonest ulterior motives. Just my two pfennig...

    marco sarli

  • CJ Brown 29
    CJ Brown Sep 4, 2019 Link to comment

    For those of you who take the time to review an App online via a Browser before installing it via Google Play? I am in agreement (I do the same thing)! 👍

    I also have Trend Micro on my Home Computers and on Smartphones / Tablet (it starts scanning the App as soon as I visit the App's page on Google Play - literally will warn me of a malicious App and won't let me download it!)

    Maybe it's time for Google to "clean house" in their Play Store!

    Dean L.Deactivated Account

  • marco sarli 39
    marco sarli
    • Admin
    Sep 4, 2019 Link to comment

    Good advice. Anyway an overwhelming majority of apps in the Play Store are also totally useless and copies of copies of copies. Smartasses and crooks seem to have taken over the place. It is long, long, long time I have not seen anything new and interesting. I have the feeling that nobody is doing any effort or research anymore.Google also should tighten controls and weed out a lot of fake, useless or harmful apps but, for economic reasons and shortsightedness, this is not going to happen

    Dean L.Deactivated AccountCJ BrownDeactivated Account

    • 2
      Joshua Long Jul 2, 2021 Link to comment

      Those, like the recently interviewed darken, that do create useful original content should be more readily identified by the editors choice or other such unique category.

  • 25
    Deactivated Account Jan 14, 2019 Link to comment

    I am an expert in this field 😀.

    Deactivated Account

  • 20
    Reg Joo Feb 13, 2018 Link to comment

    Since I'm not too much of a game player, I have the opportunity to read up on a app, before I install it. I go to android websites, such as this one(Xda's my favorite though, I tweak a lot), and read upon the app, even the comments before I install. This keeps the fakes away. Always do your homework first.

    Deactivated AccountCJ Brown

  • Sandra 3
    Sandra Feb 11, 2018 Link to comment

    I agree! I think they (some) do it purposely confuse us. A new app dev could make their own icon with a copyright (even one that is not visible to the consumers) so that this won't keep happening... people who violate the copyright law would be in a lot of financial trouble and can be outed as being thieves... etc. Just my 0.02

    Deactivated AccountCJ Brown

  • Albin Foro 30
    Albin Foro Feb 9, 2018 Link to comment

    I try to remember, and wish all tech media reviewers would have a policy, to identify the developer of the "real" app so that reviews or recommendations would not lead users into a swamp of identically named or iconified phony apps listed with the real one on Google Play.

    Dean L.Deactivated AccountCJ BrownSandra

Write new comment:
All changes will be saved. No drafts are saved when editing