The cyber threat landscape is rapidly evolving. It is becoming increasingly sophisticated, impacting individuals and businesses alike. To help you stay one step ahead of cybercriminals, we’re exploring a different aspect of cybersecurity each month in 2025 as part of our bitesize series.
So far, we have tackled many prominent issues surrounding cybersecurity, including:
This month’s focus is on how to spot fake apps.
Apps, or applications, are software programs created for smartphones, tablets and computers, that are tailored to meet a certain need. There are many different types of apps including social media, banking, retail, fitness, mental health, education, productivity, entertainment, the list goes on. Apps have grown hugely in popularity in recent years. In 2024, there were over 218 billion mobile app downloads alone.[1]
Apps offer convenience and accessibility, which are crucial for businesses looking to grow in today’s digital landscape, but what happens when someone looks to exploit this convenience? That’s where fake apps come in.
Fake apps are malicious applications designed to deceive users by impersonating legitimate apps. These apps exploit the user’s trust and desire for convenience, tricking them into downloading malware onto their personal devices.
Fake apps can appear anywhere, including in trusted app stores like Google Play and the Apple App Store. They are created to:
To help protect you from cyberattacks orchestrated via fake apps, we’ve pulled together a checklist to help you spot a fake app.
Whenever possible, download apps directly from the official website of the brand or developer. While app stores are generally safe, fake apps can, and do, still slip through. If the app doesn’t have an official site, search for trusted reviews on tech forums or reputable news websites before downloading.
Business owners can reduce the risk of employees downloading fake apps by enforcing a policy that allows only pre-approved apps on work devices. You can use mobile device management (MDM) tools to control app installations, educate staff on app security, and regularly review the approved list to ensure safety and compliance with company standards.
Before downloading, look to see who the developer is. Is it the brand’s official company name? Is it completely irrelevant to the app? Does it have any typos or small variations that could indicate that it’s not genuine?
Speaking of typos, this doesn’t just apply to the developer’s name. Make sure you read the app description carefully. Poor spelling, grammar, and disjointed or vague descriptions are all red flags that could indicate it’s a fake app.
If you saw an Amazon app with a blurry icon or blurry preview images, you’d stop and think twice. High-quality imagery indicates a professional brand, whereas low-quality, pixelated, blurry or irrelevant images undermine the credibility of the app.
You can usually gauge roughly how many downloads a brand’s app should have based on how popular the brand is. For example, as of April 2025, TikTok was the most downloaded social networking app with over 39 million downloads.[2] If you spot a well-known app such as TikTok that shows only a fraction of the downloads you would expect, be suspicious.
If an app has very few reviews or suspicious reviews (i.e. generic 5-star ratings with no description), then it may be an indication that it is fake. Look for detailed, balanced feedback that might suggest it’s from real users. You can also look at external reviews via Google to see if any others have posted about any negative experiences with the app.
Cybercriminals want to get their hands on as much of your information as possible. To do this, they request far more access to your phone than the app’s features could justify. Weigh the permissions requested against the app’s functionality. For example, if you downloaded the Telegraph app and it requested access to your contacts or camera – be wary.
To help keep you and your device safe online, consider downloading an antivirus cybersecurity tool, which will help detect malicious apps.
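The checklist above can be applied mechanically to the information an app store shows for a listing. The following Python script is an added example, not code from the original article or from Towergate: it scores a listing against four of the checks (developer name look-alikes, download count far below what the brand should have, generic 5-star reviews, and sensitive permissions the app’s category does not explain). The brand names, download floors, expected-permission sets and the two sample listings are all constructed for the example; the confusable-character table is a deliberately small subset.

```python
import unicodedata
from dataclasses import dataclass
from typing import Optional

# --- Reference data: constructed for this example, not real app-store data ---
# Official developer names for the (hypothetical) brands the checker knows about.
KNOWN_DEVELOPERS = {
    "examplebank": "ExampleBank Ltd",
    "examplesocial": "ExampleSocial Inc",
}
# Rough download floor a genuine listing of that brand would exceed (constructed).
EXPECTED_MIN_DOWNLOADS = {"examplebank": 1_000_000, "examplesocial": 10_000_000}
# Permissions that plausibly match each category's functionality (constructed).
EXPECTED_PERMISSIONS = {
    "banking": {"INTERNET", "USE_BIOMETRIC", "CAMERA"},   # camera: cheque/ID capture
    "news": {"INTERNET"},
}
# Permissions worth questioning whenever the category does not explain them.
SENSITIVE_PERMISSIONS = {
    "READ_CONTACTS", "READ_SMS", "RECORD_AUDIO", "CAMERA",
    "ACCESS_FINE_LOCATION", "READ_CALL_LOG",
}
# Characters commonly swapped in to imitate a name (small constructed subset).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s"})


@dataclass
class Listing:
    title: str
    developer: str
    category: str
    downloads: int
    permissions: set
    reviews: list                     # (stars, text) pairs
    brand_key: Optional[str] = None   # the known brand the listing claims to be


def normalise(name: str) -> str:
    """Fold case, accents and common look-alike characters; keep alphanumerics only."""
    decomposed = unicodedata.normalize("NFKD", name)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    folded = stripped.translate(CONFUSABLES).lower()
    return "".join(c for c in folded if c.isalnum())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo variants."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_developer(listing: Listing) -> list:
    official = KNOWN_DEVELOPERS.get(listing.brand_key)
    if official is None or listing.developer == official:
        return []
    a, b = normalise(listing.developer), normalise(official)
    if a == b:
        return [f"developer '{listing.developer}' differs from '{official}' only by case, accents or look-alike characters"]
    d = edit_distance(a, b)
    if d <= 2:
        return [f"developer '{listing.developer}' is a near-miss for '{official}' (edit distance {d})"]
    return [f"developer '{listing.developer}' is unrelated to the brand's official '{official}'"]


def check_downloads(listing: Listing) -> list:
    floor = EXPECTED_MIN_DOWNLOADS.get(listing.brand_key)
    if floor is not None and listing.downloads < floor // 100:
        return [f"only {listing.downloads} downloads for a brand expected to exceed {floor}"]
    return []


def check_reviews(listing: Listing) -> list:
    flags = []
    if len(listing.reviews) < 10:
        flags.append(f"very few reviews ({len(listing.reviews)})")
    if listing.reviews:
        generic = sum(1 for stars, text in listing.reviews if stars == 5 and len(text.strip()) < 15)
        if generic / len(listing.reviews) > 0.7:
            flags.append("reviews are mostly generic 5-star ratings with no real description")
    return flags


def check_permissions(listing: Listing) -> list:
    expected = EXPECTED_PERMISSIONS.get(listing.category, set())
    excess = sorted((listing.permissions & SENSITIVE_PERMISSIONS) - expected)
    return [f"requests {p}, which a {listing.category} app does not need" for p in excess]


def screen(listing: Listing) -> list:
    """Return every red flag the checklist heuristics raise (empty list = none found)."""
    return (check_developer(listing) + check_downloads(listing)
            + check_reviews(listing) + check_permissions(listing))


# Constructed sample listings: one that should trip the checks, one that should not.
SUSPICIOUS = Listing(
    title="ExampleBank Mobile", developer="Examp1eBank Ltd", category="banking",
    downloads=4_200, brand_key="examplebank",
    permissions={"INTERNET", "READ_CONTACTS", "READ_SMS", "CAMERA"},
    reviews=[(5, "great"), (5, "good app"), (5, "nice"), (1, "Asked for my PIN twice then crashed.")],
)
GENUINE = Listing(
    title="ExampleBank Mobile", developer="ExampleBank Ltd", category="banking",
    downloads=3_500_000, brand_key="examplebank",
    permissions={"INTERNET", "USE_BIOMETRIC", "CAMERA"},
    reviews=[(4, "Works well, occasionally slow to load statements."),
             (5, "Cheque deposit by camera is handy.")]
            + [(3, "Fine but the login times out too quickly for me.")] * 10,
)

if __name__ == "__main__":
    for name, listing in (("suspicious", SUSPICIOUS), ("genuine", GENUINE)):
        flags = screen(listing)
        print(f"{name}: {len(flags)} flag(s)")
        for flag in flags:
            print("  -", flag)
```

Run as a script it prints six flags for the suspicious listing (look-alike developer name, tiny download count, too few and too generic reviews, and READ_CONTACTS/READ_SMS that a banking app has no use for) and none for the genuine one. The thresholds (edit distance of 2, one hundredth of the expected downloads, 70% generic reviews) are judgement calls for illustration; a real screening tool would tune them against known-good listings.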
Downloading a fake or malicious app can put your personal data and device security at risk. If you’ve accidentally downloaded a fake app, you need to act quickly in order to limit the amount of harm it can cause to your device. Follow these five steps to protect your device and information.
As soon as you notice anything suspicious about the app, delete it to limit further damage to the device and to prevent data theft.
Be aware that some fake apps are designed to become “invisible” on your device once you download them. They try to conceal themselves by:
To locate hidden apps, go to your device’s installed apps list and hunt for blank spaces or unfamiliar names.
Once found, uninstall the app and clear the app’s cache and data to remove it from your phone properly.
If the fake app mimicked a service that you already use, for example, online banking or social media, and you’ve entered your login credentials to the fake app, change your password(s) immediately. This will help reduce the likelihood of unauthorised access to your accounts.
Perform a security sweep of your device using a trusted antivirus or mobile security app to run a full scan of your device. This will help detect and remove any remaining malware or spyware.
If your device continues to behave abnormally or you suspect deeper infection, consider performing a factory reset. This will completely remove the fake app and any associated malware.
Be aware that a factory reset will not only wipe the fake app, but will also wipe all of your other apps, contacts, media and so on. It will restore the device to how it was when you first purchased it.
Once you have completed the steps above, and you’re out of danger, we recommend reporting the malicious app to the app store or website that you downloaded it from. This helps prevent others from falling victim to the same scam.
Similarly, you should report the incident to the local authorities and any applicable cybercrime units. For example, in the UK, you should report any cybercrime to Action Fraud.
When it comes to cybercrime, many SMEs don’t have sufficient cyber insurance. But the reality is that the risk of cybercrime to your business far outweighs many other risks that you would cover for without a second thought. It’s time to get real about cybersecurity. As technology continues to evolve, so do cybercriminals and their cyber-attacks on businesses and individuals.
That’s why it’s important to make sure your staff are regularly trained on cyber safety, and, particularly, to make sure they’re wise to the latest forms of phishing attempts.
Did you know that 82% of all breaches involved a human element? What’s more, it was also found that 45% of all employees receive no training from their employers. Training your staff to recognise the hallmark signs of suspicious emails and texts as well as phishing websites can not only reduce the number of security incidents for your business, but can actually improve employee retention.
Cyber training keeps your staff up to date with how to prevent data breaches and phishing attacks, which in turn helps to keep your business’s finances and data safe from cybercriminals. It’s important to have regular training instead of annual, which may not be sufficient. Awareness messages, phishing simulations or micro-trainings can all help to keep cyber security at the forefront of your employees’ minds.
Having strong cyber security measures in place will also improve your reputation among your customers - a business that falls prey to a data breach may find itself losing customers who no longer wish to trust the business with their information.
You’ll also help to boost employee wellbeing, as employees will be able to use the skills they’ve learned in their personal lives, allowing them to avoid potentially stressful situations if they’re targeted by cybercriminals.
The types of cyber training that will be best for you will depend on the type of business you operate and the learning styles of your employees. Some cyber training courses are little more than tick-box exercises, but it’s likely that you’ll want something more in-depth for the lessons to really be absorbed.
There are a variety of free and paid options available, and you’ll also want to decide on how regularly you want to undertake the training - is it something your employees will have to undertake every few months, with regular micro-testing throughout the year to keep the lessons they’ve learned fresh and memorable?
You can find a number of cyber security training options from the NCSC (National Cyber Security Centre) Certified Training scheme, which offers classroom and online training at a variety of skill levels.
Even if you take all the possible steps to safeguard your business from cyber-attacks, sometimes that just isn’t enough. Even with the best security and training, you can still be targeted – that’s why it’s important to have cyber insurance.
To find out more about cyber insurance, give us a call on 0330 029 5626 or visit our dedicated cyber insurance page.
Marc Rocker, Head of Cyber, has been with Towergate for over 15 years advising commercial clients of all sizes on their business insurance needs.
As Head of Cyber Insurance, Marc has responsibility for ensuring that the advice and products that Towergate provides meet clients’ needs. Marc is a member of the British Insurance Brokers’ Association (BIBA) cyber technical committee.
Sources
[1] buildfire.com/app-statistics
[2] backlinko.com/most-popular-apps
Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.
Date: August 11, 2025
Category: Small Business