Apps you download for your small business may not be as safe as you believe. Symantec, a security software company, says it has identified so-called “one-click fraud apps” (since removed) on a site trusted by millions of mobile users.
In a post on the Symantec official blog, the company stated they recently identified at least 200 apps at Google Play that were one-click fraud scams. The apps attempted to sign up those who downloaded them, for a service that costs upwards of $1,000. More than 50 developers were identified as being responsible for these apps.
The development, especially on a trusted site for Android Apps, should concern small business owners. Small business owners and employees increasingly depend on mobile apps and the mobile devices on which they operate for many aspects of their business operations. This makes them vulnerable if scam apps or fraudulent apps continue to flood the market.
The affected apps were Japanese-language apps and all dealt with adult or pornographic material. According to Symantec, the apps appeared at the top of Google Play searches when an Android user searched for anything related to adult video content on their devices.
“No English language apps were identified as part of this particular group of discovery; all targeted Japanese language speakers. However, there is no reason to believe that this same scam could not be perpetrated with English language apps,” said Symantec Security Response Manager Satnam Narang.
At least 5,000 people downloaded the apps in the last two months, but Symantec said it is unsure how many people, if any, actually paid the money for the so-called service. The apps were removed from Google Play upon notification of their existence by Symantec, Narang added. The Google Play accounts of the developers have been suspended, too.
While the target of this scam was seemingly limited, the advent of similar one-click scams on Android devices just one year ago means that those perpetrating the fraud are only beginning. Narang warns that more markets will be targeted in the future and that the best protection besides knowledge — because most scam apps are made to look legit — is mobile security software.
“Attackers are constantly improving their tradecraft. So, malicious apps can sometimes be hard to spot. In general, it’s a good idea to avoid downloading apps from sources other than trusted app marketplaces. In addition, it’s also a good idea to pay close attention to the permissions apps request. Another trick is to look at the reviews from other users who downloaded the apps,” Narang said. “However, in the case of these malicious apps, these tactics aren’t as effective.”
(Symantec is a past sponsor of events involving this publication.)