A recent article in InfoWorld brought some attention to fake apps. These apps are widely circulated and are typically decompiled versions of the real app that are then tweaked for nefarious purposes. They look like chicken, they smell like chicken, but they don’t taste like chicken. They actually siphon off your personal data and are sold to the highest bidder.
How are these fake apps distributed? They are available all over the Web and can be installed on Android devices by turning on “Unknown Sources” in your security settings. Prior to turning this on, Android will give you a lengthy lecture:
Believe us, you don’t want to check that box. Don’t do it… don’t click OK! Pretty simple, right? Well, what about nefarious apps appearing in the Google Play store? Yup, that can also happen. So, most definitely disallow apps from unknown sources, but also be extra vigilant while browsing the Play Store as well. Your search might stumble on a fake app that’s only in the store for a short time.
But, what about devices coming pre-installed with nefarious apps? That’s a completely different story. You assume that all the bloatware that comes pre-installed with that fancy new Android phablet has been vetted and verified, right? Not so fast, my friend.
With the proliferation of refurbished devices and the ever-growing list of custom Android hardware manufacturers, getting a device that has a fake app pre-installed is a reality and has now happened, according to this InfoWorld source. As stated in the article, Marble Security has discovered fake apps on the following Samsung devices out of the box:
- GT-N8013 Galaxy Note tablet
- SGH-1727 Galaxy S III phone
- SCH-1605 Galaxy Note 2 phone
- SGH-1337 Galaxy S4 phone
- SGH-1747 Galaxy S III phone
- SCH-1545 Galaxy S4 phone
What’s not clear is if these phones were purchased as refurbished or new, but the risk is still there. Our guess is that these were refurbished devices, but it is plausible to assume that it can happen — especially with any number of one-off Android tablets you’ll find at your local big box retailer. So, the moral of the story is apps are the problem and that’s why we’re at the forefront of app security.
The only major issue here is that pre-installed Android apps can’t typically be removed without rooting the device. So, if you get a device pre-installed with a fake app, your only real recourse is to return the device.