Here’s Why Even Official Public App Stores Can’t Be Trusted
One of the first rules of protecting end user devices has always been “Install anti-virus software and keep it up to date.” Even as people have shifted from laptops and desktops to more mobile devices like smart phones and tablets, security experts advise installing AV software from a trusted app store such as the Apple App Store, Google Play or the Windows Phone Store.
Now there is evidence that following the latter rule may actually be harmful to mobile device users.
On May 15, Kaspersky Lab issued a press release stating that the company recently discovered two fake antivirus applications imitating the Kaspersky products in two different official app stores for mobile devices.
According to the press release, the first fake app was discovered in Windows Phone Store. The app in question went by the name of Kaspersky Mobile. The second fake app imitating the Kaspersky Lab brand was for sale in Google Play and was called Kaspersky Anti-Virus 2014. There are no official Kaspersky Lab products for mobile devices with either of those names.
In both app stores, users were required to pay a small fee to get “the product.” When downloaded, installed and activated, these apps make the device owner believe that actual virus scanning is going on, when in fact it is not.
If there is a bright side to this scam, it’s that the fake apps are “only” stealing the money paid to get the software. The damage could be far worse; the software could be installing malicious software rather than scanning for it. It appears that the “developer” is making his money from selling do-nothing software as opposed to using the code for malicious purposes.
The fake mobile apps scam isn’t limited to imitating Kaspersky products. Michael Crider of the Android Police outlines other fake software apps in the Google Play market that basically do little but steal users’ money.
It’s troubling that fake and even dangerous software apps are available (and even recommended) in the official public app stores of the most popular vendors. This is one more reason why enterprises that allow BYOD in their environments should establish an internal app store and require end users to get their apps from there. Then the enterprise InfoSec experts can evaluate apps thoroughly before allowing them into the officially sanctioned company app store.