App stores from Apple and Google tout that they alone are the best place to download and install apps. Apple in particular is known for its approach of allowing only apps that have gone through a review process to be made available for download. Google is less strict and allows the sideloading of apps from other app stores, but these alternative app stores are small in comparison.
App Stores, Trust and Criminals
App stores evoke trust. Apps that are available on app stores are by definition safe and do no harm to users. That’s one of the arguments brought forward by Apple and Google, and to some extent they are certainly right. Having apps go through a review process helps to detect scam apps and keeps them out of the app store. But as the past has shown, this approach is not free from loopholes, and there are numerous examples of scam apps that got through the review process. In the past, Google has taken more sophisticated steps to keep malicious applications off Google Play. However, a recent round of takedowns that involved about 200 apps and more than 10 million potential victims has shown that this long-standing problem is far from over. This could potentially lead to users spending hundreds of millions of dollars.
According to Zimperium, a huge new scamming campaign has been affecting Android since November 2020. The attackers were able to sneak benign-looking apps such as “Handy Translator Pro,” “Heart Rate and Pulse Tracker,” and “Bus – Metrolis 2021” into Google Play. A victim would get five notifications per hour after downloading the malicious app. Ultimately, the goal was to prompt them to confirm their number and claim a prize. An in-app browser was used to load the “prize” claim page. This is a common method of keeping malicious indicators out of the app’s code. After victims entered their numbers, the attackers signed them up for a monthly fee of $42 via the premium SMS services feature on wireless bills. Typically, this is a way to pay for digital services or to send money to charity via SMS message. In this case, it went straight to the criminals.
App Store Gatekeeping
However, there are more mundane reasons behind Apple and Google reviewing apps for the greater consumer good. It boils down to control and money: whoever is the gatekeeper for entering the app ecosystem can dictate the terms. And Apple notoriously defends its position, as the ongoing lawsuit with Epic shows.
One part of the problem is simply that any app that passes through the review process automatically gets the app store seal of trust. After years of app stores being the only means for apps to get onto the phone, this is anchored in users’ minds. The downside is that with this kind of trust, you put your trust in somebody else and don’t think twice when you install an app from a trusted source.
This kind of trust makes app stores a worthwhile target for scam apps. Because there are millions of apps and billions of users that use the app stores, it makes sense for criminals to try to get malicious apps into the stores unnoticed.
What can you do to protect yourself?
Unfortunately, there isn’t much that you can do to protect yourself from scam apps. By the time they are discovered, they have been installed by many users and some harm has already been done. What you can do is take care when you install apps from the app store and think twice about whether you really need the app.
Zero Install Apps
If you truly think outside the box, then apps without app stores could be a solution. If there is no store, then an app can’t get credit for just being on the app store.
Actually, before app stores existed, people used to buy software online directly from the software makers. There were only a few apps you could choose from, so in a sense it was a small app store. The trust was earned through third-party references. Of course, there were also shady pages that asked you to install some app before accessing something online (mostly other pirated copies of software).
Besides the fact that those shady download pages had a bad reputation, the difference was the scale: where we once had thousands of people who were affected by installing apps from shady pages, we now talk about several million unsuspecting users who become victims.
Then, there were physical stores where you could buy software that was on disks and CDs. This prevented widespread scams, because the effort of physical distribution doesn’t pay off for criminals and would be a major operation that probably wouldn’t go unnoticed.
We at IKANGAI use our qonnect platform for offering zero install apps. These apps are distributed without app stores and you can install them from the source of the digital service. An example of such an app is call a BOX. You can use their on-demand self-storage service through a zero install app. Get in touch with us to learn more about zero install apps and how your business can benefit from them.