In your recent This is Money podcast episode ‘Will the Budget cut taxes’ you talked about how to avoid scams and stressed the importance of only downloading apps from trusted sources like Google Play.
I just want to bring it to your attention that scams also exist on these platforms.
I own a drone made by DJI, and recently I have travelled to Malta. Before my trip I wanted to make sure that the drone is up to date, and then I saw that the app I was using to control the drone needed an update.
I searched on Google Play and found an app called ‘Go Fly for D.J.I Drone models’. It looked like a genuine DJI app.
Expensive hobby: Due to the high cost of drones, the software needed to fly them is often free for users
After installing it asked for a subscription-based payment or a lifetime app purchase.
It seemed so genuine that I almost paid, but wanted to double-check it with a friend who also owns the same drone.
He told me to go to the official website and download it from there, and it was completely free.
But it looks like their scam doesn’t stop here unfortunately, as I went back to Google Play and I read all the one-star reviews.
People who paid for this app allegedly received random attempts from unknown companies which charged or wanted to charge debit and credit cards linked to Google Play.
Adam Batki, via email
Harvey Dorset of This is Money replies: Given the mass of warnings from one-star reviews that you may see unknown charges on your card, it seems it is fortunate that Adam chose to check with a friend before committing to a lifetime subscription.
The wealth of reviews slamming the app in question indicates that many drone owners have not been so lucky.
One user, Jason Roan, commented: ‘This is most certainly a scam app and I can’t believe I even fell for it! No way for you to cancel a subscription and the email they tell you to send inquiries to isn’t even a real email.
‘Save your money, don’t use this app and go to the DJI site itself for a link to the real one. Hope this scam app burns to the ground.’
While another, Alec Keane, warned: ‘This is a scam app. Won’t let you do anything other than buy a subscription that I assume is just a ploy to get your bank info.
‘The actual DJI Fly app is on their website so download that, it’s free and no subscription is needed. Wish I realised that sooner.’
Indeed, Batki, a personal trainer and swimming instructor from London, told This is Money: ‘Because I had extra time to think about this dodgy app on Google Play (most of the people think that everything on these app stores is legitimate, when it isn’t) I didn’t pay for it, and took my time to double and triple check.’
‘But let’s say if I wasn’t this organised and I’ve flown all the way to Malta, and wanted to fly the drone I wouldn’t be able to until I had updated it etc… Most likely I would just pay to the scammers because I would just want my drone up in the sky as soon as possible.’
App stores are nothing if not unwieldy beasts. Every month, thousands of apps are added to the Google Play Store, with 62,000 apps added to the platform in November 2023 alone. Likewise, the Apple App Store saw 38,000 apps added during the same month.
Unsurprisingly, with such high volumes of content, apps masquerading as legitimate can, and do, slip through the net. While the best advice is to stick to official app stores, it appears that this is by no means a foolproof method.
In fact, remaining diligent when using these app stores could stop you from giving up both your money and your data unwittingly.
When approached by This is Money, a Google spokesperson said: ‘Go Fly for D.J.I Drone models has been removed from the Play Store.’
‘All Android apps undergo rigorous security testing before appearing in Google Play and Google Play Protect scans 125 billion apps daily to make sure that everything remains spot on.’
Just days later, however, the app was back up and running on the Google Play Store.
The developer of the app, Smart Widget Labs Co Ltd, which is based in Ho Chi Minh City, Vietnam, did not respond to a request for comment on Batki’s experience with the app.
This is Money also spoke to Laura Kankaala, threat intelligence lead at F-Secure, who explained how you can spot the signs of a fraudulent app.
How can you spot scam or misleading apps on app stores?
First things first, Kankaala said, is to check whether the developer of the app is who you expected it to be.
‘On legitimate App stores you can check who is the developer of the app,’ she said. ‘For instance, if you’re downloading the Facebook app on your phone, the developer should be Meta Platforms, Inc. Check the developer details and what kind of other apps they have uploaded.’
If you are suspicious of an app, Kankaala suggests looking for the app via a company’s website.
‘If you want to download a specific app, visit the official website of the app, service or company using your browser. Typically, they have linked the official versions of the app on their site,’ she said.
On Android devices, you will also have the option of running a mobile security or antivirus scan, if you think that you may have installed a malicious app.
If you have downloaded an app, Kankaala also warned that you should go over the permissions that the app has been granted on your device, and ensure that these aren’t excessive.
She added: ‘These permissions could be access to your contact lists, text messages, images, location – you can disable any suspicious app permissions and re-enable if the app ceases to function without them. There are some very dangerous permissions on Android devices such as Device Admin, or Notification Listener, which are not needed, unless the app needs these to function.
‘Accessibility features should be used to assist people with disabilities to use apps on their phone, but unfortunately these permissions are routinely misused to steal data…Accessibility features can also generate taps on behalf of the users, to carry out potentially risky and unwanted operations, such as install additional apps.’
Best advice: In general, it is recommended that you avoid using non-official app stores to download software
Even though Google and Apple try to remove fraudulent apps from their platforms, it is wise to stay vigilant and not take the safety of these app stores for granted.
Kankaala said: ‘There’s constant monitoring for malicious apps, but unfortunately, it’s a cat and mouse game.’
‘The actual malware, malicious apps, are constantly looking for ways how to bypass security mechanisms and protections set in place. And sometimes the apps are not “malicious” per se – but are involved in shady practices, hoping that people for instance enable a weekly subscription and forget about it.’
Should I check out the reviews?
Leaving a bad review is an easy way to let others know that you have had a poor experience with an app.
However, more often than not, dodgy apps have plenty of five-star reviews to counteract the negatives.
Kankaala said: ‘Fake reviews and stars are used to boost the app and make it appear closer to the top of the search results when people are searching for apps. It’s more likely that people will download the app if it seemingly has a lot of reviews and stars.
‘This same tactic can be used by malicious or misleading apps – they want to boost them so that people would end up downloading them, instead of legitimate apps.’
For scammers, amassing a horde of good reviews to outweigh the bad is as simple as making a quick purchase, making it harder than ever for consumers to get a real picture of the app they are downloading.
‘It’s very easy and inexpensive to purchase reviews and stars for an app. There are many different websites and platforms that claim to write reviews in multiple languages, and their pricing varies from app conversion rates (or how many installs the reviews are generating) to bulk prices,’ she said.
‘My rule of thumb is to look at the negative reviews and take those more seriously than the positive ones, because they could expose some scammy or misleading behaviour of the apps.’
What risks can these apps pose?
The chief risk is allowing an app to gather your data, which can then be sold or used for marketing.
Apps that install malware onto your device can be used to steal sensitive data that they cannot legally collect.
Kankaala said: ‘Data that criminals behind malware want to steal are credentials, credit card information, multi-factor authentication tokens and so on. Malware can lead to actual financial consequences for the victim.
‘Finally, the unwanted subscriptions are [a popular method used by scammers] and can lead to financial losses if they are not tackled early on.’
If you think you are being charged for a subscription you did not sign up for, then it might not be too late to get your money back.
Kankaala added: ‘Check your subscriptions and cancel those that you’re not actively using. If you’ve been scammed, or for instance your child accidentally subscribed in an app, you can try to get a refund from the app store.
‘It should be noted that if you just delete the app, the subscription may still remain active and billing will continue. The creators of these misleading apps are relying on the fact that people forget to unsubscribe.’