ESET expert on how to stay protected as the threat of scam apps grows

In a blog, Lysa Myers, Security Researcher at ESET, outlines the growing threat from deceptive practices to scam both iOS and Android users alike, offering advice on how users can safeguard themselves from such threats.

There’s nothing new about advertisers and app developers using deceptive practices, but the Touch ID scam that Lukáš Štefanko wrote about recently is a significant twist in this ongoing story. Of course, iOS users are not alone in facing these dilemmas; as Lukáš wrote earlier this year, Android users are experiencing their own flood of predatory app tactics too.

What can we do to protect ourselves against these fraudulent practices?

The policies and review procedures of major app stores do keep out a large number of fraudulent apps. While there are always more things they might and probably should be doing to continue to improve this problem, it is an ongoing learning process for all of us.

Be aware of the limitations of app store review processes

Due to the incredibly large total number of apps and updates that each major app store sees every day, much of the work involved in the review of new submissions is automated. This means that each app likely has functionality that will not necessarily be seen by a human or be tested specifically.

Even very well-known and more-or-less legitimate app vendors have been caught doing things to try to evade having certain functionality reviewed. This means it’s still crucial to do our own due diligence.

Be patient

The best time to figure out whether an app is a scam is before you download it. While it may be hard to calm the fear of missing out, it’s best to wait a few days or weeks before downloading brand new apps, to let other people be the ‘guinea pigs’. This way you can read what other people have to say about the app’s functionality before making a decision.

Read reviews

While most scam apps do in fact include numerous positive reviews, these often show signs of phoniness. Wording may be very vague, downright nonsensical or exhibit repetitive patterns (including different reviews repeating the same phrases or having similar usernames, for example). It’s a good idea to re-order the ranking options on reviews to see a more balanced picture: depending on the particular app store, you can sort the reviews to see those that have been deemed ‘most helpful’ or that are ranked ‘most critical’ first.

Use apps by developers you know and trust

If at all possible, it’s a good idea to stick with reputable app developers. If you’re new to a platform, that may be easier said than done. In that case, it’s a good idea to do a little more research first, to get a better sense of whether a particular developer already has other well-reviewed and popular apps that are currently available for download.

Read the full article at www.intelligentciso.com.

Issue 10 | www.intelligentciso.com