Latest scams in the Google Android Play Store
With 3.5 million Android apps, no wonder Google Play Store is very popular. Well, where there is popularity, there are scams. Play Store is no exception. Fake app scams in the Play Store are more common than one might expect. To lure users, these scams impersonate brands that users trust — from retailers to government agencies. Unless proactively taken down, fake app scams can persist for months, if not years, enabling thousands of downloads. Let’s dive into some of these scams.
Earn Money Scams
These scams lure users with the opportunity to earn money online. Amazon Cash app, which impersonates Amazon, claims that users can earn money by doing little tasks (Figure 1). This app has been downloaded 10K+ times as of March 2023.
The developer of Amazon Cash has many more earn money scams impersonating Amazon in the Google Play Store (Figure 2).
Save Money Scams
In contrast to earning money, Coupon Scams lure users with the promise of saving money. Affirm Coupons app impersonates Affirm, a buy now pay later app (Figure 3). This fake app has been live in the Play Store for nine months.
Other Coupon Scams target buy now pay later services. In fact, the developer of Affirm Coupons has another fake app targeting Afterpay, a service similar to Affirm.
Financial Literacy Scams
These scams lure users with the promise of financial literacy. One scam, for example, claims, “Our goal is to help you make your own, educated decisions to getting your credit life turned around.” One fake app, Amazon Credit Card, claims to help users understand the merits of Amazon’s Prime credit card (Figure 5). This app has been in Play Store since Nov 2022 and has been downloaded more than a thousand times.
If a user searches for “Chase Credit Card” in the Play Store, two of the top six results are fake apps for financial literacy. Can you guess which two are fake Chase apps in Figure 6?
One developer has 40+ fake apps targeting cards from top brands (Figure 7). These apps have been in Play Store since Nov 2022 and target cards from retailers (Target, TJMaxx, Victoria’s Secret, Kohls), banking service for startups (Mercury), technology companies (Apple, Amazon), credit card issuers (Discover, Amex) and big banks (Bank of America, Chase and Wells Fargo).
Brand Impersonation Scams
The fake app scams we discussed so far lure users with incentives such as make money, save money or financial literacy. Although these scams impersonate brands to varying degrees, they use additional incentives to bait users. In contrast, a Brand Impersonation Scam claims to provide the exact service that the brand it impersonates provides. One such fake app called Cash impersonates the popular Cashapp and has been downloaded 10K+ times since Nov 2022.
Brand impersonation scams target many sectors including retail, automotive, government and financial services.
I am writing this as a series of three articles. In this part, I discussed the different types of fake app scams that we have observed lately in the Play Store. This was more of a PSA to increase awareness regarding fake app scams.
In Part II, I will discuss some of the techniques that developers of fake apps use to evade detection. This is more relevant for those in security engineering and developer roles.
Part III will cover what scammers gain from these fake app scams. That part is intended for decision-makers trying to protect their brands.