The Mac Security Blog

Software & Apps

Google Play Approves, Quickly Removes Fake Apple Apps

Posted on by

Google Play™ is the search giant’s version of Apple’s App Store, only unlike Apple’s somewhat stringent approval process where pending apps can take at least 7-10 days to get the thumbs up to appear in the App Store, Google Play typically approves their apps relatively quickly. Unfortunately, that means a high likelihood of spammy or fraudulent apps squeaking in and being downloaded by unsuspecting users.

The most recent instance of fake apps sneaking past the goalie are several apps claiming to be from Apple that shared names with known Mac OS titles (e.g., iLife, iWork). They were temporarily approved on Saturday but yanked shortly thereafter for being recognized as “lightly-disguised scams.”

Untrusted and potentially malicious apps have been a problem in Google Play for a while now. Inquisitr reports:

Analysts believe that upwards of hundreds, possibly thousands, of apps have been discovered to be carrying viruses, trojans, botware, phishing, scams, and other various forms of malware. In summer 2012, security firm BT found that one-third of Google Play apps contain some form of malware. In most cases, malware on Google Play apps has focused on gathering a user’s information and passing it along to third-parties.

Though Google has begun checking for malware to detect and deny phishing/malicious apps, there have been several instances of spammers easily being able to spoof being a legitimate publisher (as was the case with these faux Apple apps). As a consumer, it can be difficult to know which apps are legit and which should be avoided. Be wary of free or very cheap versions of normally-paid apps. You can also check an app’s reviews and the number of downloads it has for some sort of authenticity, but even that’s not foolproof.

Ultimately though, if even Google Play is getting fooled, that doesn’t bode well for its users to be able to identify what’s real and what’s fake. Google needs to have much more secure vetting via code signing certificates or other means to ensure that publisher offerings are the real deal and not spoofs being offered up by spammers looking to swipe people’s personal information. Unfortunately, Google Play has had problems with malicious apps sneaking into their store since at least 2010, so it doesn’t seem as if they’re motivated to truly fix this glaring security issue any time soon.