After our post here on the big “Virus Shield” scam, we decided to publish a short guide on how to avoid app scams and malicious apps. Remember, you can never be 100% sure, but you can do a lot to significantly reduce the chances of becoming an app scam victim.
This guide focuses on Android, which is more vulnerable to app scams than Apple, but many of the tips here may also apply to iOS apps*.
* A note on the app verification process on the Apple store vs. Google Play:
The Apple store has a stricter verification process for new apps. We don’t know if an app like that would make it to the Apple app store. There are scam apps on the Apple store too, but surely a lot fewer than on Google Play, and significantly fewer than on Android markets in general. Sadly, the Apple store’s strictness also prevents great, valuable and legitimate apps from being published. In general, we appreciate the open nature of the Play store and wish Apple were more open. Yet we think Google Play’s popularity and the high commissions Google charges on apps should have yielded better protection from Google against fraud and malicious apps.

Be suspicious, Give a Chance

Be suspicious – Don’t trust Google or anyone else to care for you. Challenge any statement, and do your own due diligence.

Use the following checks as indicators. Most apps would not pass all the checks, even some of the known legitimate apps. Our app, Salient Eye, legitimate as it is, does not fulfill all of these criteria. In general, the more of these indicators raise suspicion, the higher the chances that it’s a scam app.

1. Use a known app store – yes, we know the “Virus Shield” app would probably pass this test, but downloading apps from pirate websites, markets or torrents not only harms the original developers, it is extremely risky for the user. You can never know who is behind such apps, whether it is the original app, a scam or a virus, and there is no one to complain to. Using known sources reduces the risk significantly, and we strongly recommend downloading apps only from legal, legitimate, known markets (or directly from the developer's website if there is such an option).

2. Known developer – Naturally, a known developer is more trustworthy and less likely to run scams. Many known developers have earned the “Top developer” badge on Google Play (for unknown developers, see the next indicator).

3. The developer – Try to find out who is behind the app. Go to the developer page and check if the developer has other apps in the market. If he does, check them out. Go to the developer's website (if there is no website, that’s a reason to be suspicious) and examine it. How long has this website been around? Does he have a dedicated domain? Who owns the domain? Google a bit to find out more about him.

4.  Contact – Did the developer publish a way to contact him?  A decent app developer would be happy to be contacted and will make it easy to reach him.

5. Number of downloads – yes, we know the “Virus Shield” app would probably pass this test too, but still, most malicious apps are caught at some point. The “Virus Shield” app was caught and removed from the store. The more users an app has, the higher the chances that it is a legit app, because otherwise someone would already have reported it.

6. Time in market – apps from veteran developers are less likely to be scams, because their apps have been available on the market all that time and no one has proved them to be a scam. (Tip: use sites like appbrain.com to easily find this kind of data.)

A very new app? Be careful! (Screenshot from AppBrain – http://www.appbrain.com/app/com.deviant.security.shield)

7. Reviews and developer replies – Ignore the short reviews. Try to find the informative reviews and look for answers to your suspicions. The developer's replies are good indicators. A developer who cares about his users would reply to the reviews and prove he is genuine.

8. Permissions – Read the permissions the app requires. Read the whole list! The permissions should be fairly relevant to the app description. If a permission requirement seems suspicious, or if a permission that you would expect it to have is missing, contact the developer and ask him.

An antivirus that requires no permissions? Suspicious! (Screenshot from AppBrain – http://www.appbrain.com/app/com.deviant.security.shield)

9. Application size – This is a bit more technical. The “Virus Shield” app was actually an app that does nothing. In such cases the app size would probably be significantly smaller than other anti-virus apps and smaller than what it claims to do would require. If the app size seems too small or too big for what it should be doing, it should raise suspicion.

10. Trial/free version – Before you pay for an app, check if it has a free or a trial version and try it first. See if it meets your expectations and if it works before you go and buy. Many decent apps have a trial version. If an app doesn’t have a free/trial version, it should raise a suspicion.

11.  Number of versions and updates – A good and legit developer would update the app frequently to fix bugs and improve the performance. Check the frequency of updates and the app version number.
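Indicators 8 and 9 can be checked mechanically once you have an app's declared permissions and size. The sketch below is an added example, not code from this guide or from any tool it mentions: it reads permission lines in the style printed by `aapt dump permissions`, compares them with an assumed baseline for what an antivirus would need, and compares the size with similar apps. The baseline sets, the size ratio, the package names and the sample data are all assumptions made for illustration.

```python
import re
from statistics import median

# Assumed baseline (illustrative, not from the post): what a scanner plausibly needs.
EXPECTED = {
    "antivirus": {
        "android.permission.INTERNET",               # fetch signature updates
        "android.permission.READ_EXTERNAL_STORAGE",  # read files it claims to scan
    },
}
# Assumed examples of permissions unrelated to scanning; worth asking the developer about.
UNRELATED = {"android.permission.SEND_SMS", "android.permission.CALL_PHONE"}

# Matches both `uses-permission: name='X'` and the older `uses-permission: X`.
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?", re.M)

def parse_permissions(aapt_output):
    """Return the set of permission names found in the permission dump text."""
    return set(PERM_RE.findall(aapt_output))

def review(category, aapt_output, size_kb, peer_sizes_kb, ratio=10):
    """Return a list of findings for indicators 8 (permissions) and 9 (size)."""
    declared = parse_permissions(aapt_output)
    findings = []
    if not declared:
        findings.append("declares no permissions")
    missing = EXPECTED.get(category, set()) - declared
    if missing:
        findings.append("missing expected: " + ", ".join(sorted(missing)))
    unrelated = declared & UNRELATED
    if unrelated:
        findings.append("unrelated to description: " + ", ".join(sorted(unrelated)))
    typical = median(peer_sizes_kb)
    if size_kb * ratio < typical or size_kb > typical * ratio:
        findings.append(f"size {size_kb} KB vs typical {typical:.0f} KB")
    return findings

# Constructed samples (hypothetical packages, sizes invented for illustration).
EMPTY_APP = "package: com.example.shield\n"
NORMAL_APP = """package: com.example.scanner
uses-permission: name='android.permission.INTERNET'
uses-permission: android.permission.READ_EXTERNAL_STORAGE
"""
PEERS_KB = [9000, 12000, 15000]

if __name__ == "__main__":
    print(review("antivirus", EMPTY_APP, 850, PEERS_KB))
    print(review("antivirus", NORMAL_APP, 11000, PEERS_KB))
```

A non-empty result is a reason to ask the developer questions, not proof of a scam; as the guide says, even legitimate apps fail some checks.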

Give a chance – The vast majority of apps on Google Play are legitimate. There are many new apps that are great. Many new developers work very hard to deliver high quality apps for us, and it is very hard for them to pass some of the criteria on this list. Let’s give these developers a chance. If you see a new app that may be wonderful for you, and you wish to try it but are afraid it may be a scam, try to contact the developer. Raise your thoughts and questions on a professional forum. Then, if you believe it is most probably a legitimate app, give it a chance.

Got questions? Post a comment and I will try to answer.
