Don't Download That App! How to Avoid Malware in Disguise

Watch out for copycat apps like Judy masquerading as the real thing


News that fake versions of the popular Pokémon Go game or that Judy, the biggest-ever malware scam on Google, had popped up in the Google Play Store shed light on an ongoing problem. Fake apps can be destructive; in this case, at least one locked devices immediately after installation. Users would have to remove their battery or use Android Device Manager in order to unlock their phone.

That's scary, and malicious apps can often cause damage that affects your phone's performance or even renders it useless.

Other fake apps feature ads selling expensive services. One ironically claims that your device has been infected by malware and prompts users to purchase expensive tools to get rid of it.

Google has successfully removed some of these apps from the Play Store but continues to discover others that have slid under the radar, like the Judy apps, which typically masqueraded as fashion or cooking games but were actually malicious ad-clicking apps. Judy, which impacted both iOS and Android devices, infected approximately 36 million Android devices before its discovery. That's the most-distributed malware yet found through the Play Store.

Any popular app is liable to be copied in this manner, so even if collecting animated creatures isn't your thing, you may still be at risk. You can avoid this by taking a few steps before downloading apps from the Play Store. It's all about smart security.

Avoid third-party app stores. While these malicious apps were found in the Google Play Store, you're more likely to find them in third-party app stores, which often do little or no vetting. Stick to the Play Store, but be sure to follow the other tips in this article as well.

Look for the name of the app developer. It's easy to accidentally download a copycat app, but you can prevent that simply by verifying that the manufacturer's name is correct.

For example, Pokémon Go is made by Niantic. If the Pokémon app you're trying to download has anything other than Niantic as its developer, move on. For other apps, you can find out the appropriate developer with a simple Google search. Reputable developers will have a website with information about their apps, tech support information, and contact details.

Read app reviews. Popular apps will have reviews by experts and users alike. Check the user reviews in the app store, and look for expert reviews from well-known tech publications. This will shed light on any issues with reputable apps, and help you avoid malware. User reviews are particularly helpful in weeding out malicious or faulty apps.

Install security software. If you use a PC, you probably have antivirus or other security software running. Most of those companies offer mobile versions of their security software, including Avast!, AVG, Bitdefender, and Kaspersky. There are many free options as well as premium apps with advanced features and a small annual fee. These tools will scan your installed apps and warn you before you visit an infected website. As a bonus, you'll also get features such as data backup, remote wipe and the ability to lock apps.

Keep your Android OS up to date. Be sure to download OS updates and security updates, which often include patches to protect your device from recent threats. Learn how to update your Android OS here.

Follow security news. Many of the malicious apps and security breaches have been discovered by software security companies. In this case, it was antivirus provider ESET. As malware researcher Lukas Stefanko wrote in a report, "This is the first observation of lockscreen functionality being successfully used in a fake app that has landed on Google Play. It is important to note that from there it takes just one small step to add a ransom message and create the first lockscreen ransomware on Google Play."

Ransomware is when a cybercriminal locks you out of your own device and will only unlock it after you've paid them. If ransomware made its way into the Google Play Store, it would be disastrous. Follow tech blogs to get security updates or set up a Google alert.

What if you accidentally download a bad app anyway? I hope you've been regularly backing up your device; if so, you can try resetting it to factory defaults. Then you can easily restore your contacts, photos, and other data--minus the malware. After that, be sure to run a security app to make sure your device is clean. And if you find you just can't get rid of particularly nasty malware, try these tips to remove it.