Technology has made it easier than ever for people to get fit and keep track of their health goals and while many people now use phone apps alongside their exercise regime, new research shows some apps that help people track their steps could be stealing and monitoring personal data.
Research released on Monday by the University of Sydney and Data61-CSIRO found 2,040 potentially counterfeit Android apps for smartphones and tablets are being downloaded by unsuspecting Aussies from the Google Play Store. The fake apps impersonate highly popular apps and contain malware – software that can be harmful to a device if downloaded and installed.
More than one million apps were analysed as part of a two-year cyber security project, with apps that assist with fitness, edit photos, monitor finances and even games found to contain the malicious software. The study found popular games including Temple Run, Free Flow and Hill Climb Racing – which may be popular with grandchildren – were common targets for app impersonation.
It was also discovered that many of the dodgy apps requested “dangerous data access permissions”, which are used by hackers to steal data or infect a device. When the counterfeit apps are installed, a hacker can then access personal data, leading to financial losses and identity theft.
“Many fake apps appear innocent and legitimate — smartphone users can easily fall victim to app impersonations and even a tech-savvy user may struggle to detect them before installation,” Dr. Suranga Seneviratne, cybersecurity expert from the University of Sydney, said in a statement. “In an open app ecosystem like Google Play the barrier to entry is low so it’s relatively easy for fake apps to infiltrate the market, leaving users at risk of being hacked.”
Researchers explained that a number of problematic apps have slipped through the cracks and have bypassed automated vetting processes which are put in place to protect users who download content from the online store.
Read more: How to spot a scammer: Know what to look for
“Our society is increasingly reliant on smartphone technology so it’s important that we build solutions to quickly detect and contain malicious apps before affecting a wider population of smartphone users,” Seneviratne said.
Experts have offered a number of tips to help people remain safe when downloading apps to their phones and tablet devices.
The first step is to do your research and know what you’re downloading. Counterfeiters usually target countries or platforms where popular apps haven’t yet been released so if an app isn’t officially available in your location, it’s best to wait until it is.
Similarly, some apps are only officially available on Apple’s App Store and unless a company or business has specified that its app is available on both platforms, it’s best to avoid downloading apps until an official announcement has been made.
It’s also important to carefully read what information about the developer, release date, user reviews and number of downloads is available before you download an app. Try to avoid searching for apps online and stick to official apps offered through the store app on your phone or tablet.
“For example, a Facebook app with only 100,000 downloads would be an immediate red flag as the authentic Facebook app would instead have billions of downloads,” researchers said.
Also be careful when granting permission to apps. It’s common for apps to request access to your location, camera and microphone, but ensure it makes sense for what the app does. A fitness app, for example, will not need permission to access your text messages.
And, as annoying as they can be, it’s also encouraged to keep your device’s operating system up-to-date when an update is made available. This will ensure that if a malicious app is accidentally downloaded, it won’t be able to bypass the phone’s security system.
IMPORTANT LEGAL INFO This article is of a general nature and FYI only, because it doesn’t take into account your financial situation, objectives or needs. That means it’s not financial product advice and shouldn’t be relied upon as if it is. Before making a financial decision, you should work out if the info is appropriate for your situation and get independent, licensed financial services advice.