Windows Phone Store Increasingly Targeted With Fake Mobile Apps

An anonymous reader writes: A post by security company Avast says not only are a large amount of fake apps available from the third-party marketplace of the Windows Phone Store, but they also remain available for quite a while despite negative comments and other flags from end-users. Avast speculates that improved security and auditing procedures at rival stores such as Google Play account for the increasing attention that fake app-publishers are giving to the Windows phone app market.

Haven't Windows Phone users learned by now?

[SeaFox]

All the good apps are on iOS and Android.
They should be suspicious of any well-known app being in their store.

Re:Haven't Windows Phone users learned by now?

[whoever57]

Had they learned, they would not have a Windows Phone.

I mean, who has a Windows phone these days? The app store is missing many basic apps and those that exist frequently don't work as well as the Android or IOS version of the app.

I don't think that I have seen a Windows phone except at the AT&T store.

Re:Haven't Windows Phone users learned by now?

[nikkipolya]

For all the years I have hated Microsloth and their litigious ways of functioning, I am getting pissed off at Android now. Not because of their litigious ways but because it is so damn slow and laggy. Java is screwing android. My tablet has 1 GB RAM and a dual core processor but it still leaves me frustrated. Although I dislike Apple and their dictatorial ways I will have to admit that with 512 MB RAM and similar processor my wife's iPad mini is so very smooth to use. I am starting to consider switching to windows devices for their excellent price point and smoothness.

Re:Haven't Windows Phone users learned by now?

[sd4f]

I'm a windows phone user, and I can admit that it's dead. W10M is DOA, and it's quite sad, as having come to WP from android, it was great to use at the start, while missing a lot of features which were added in WP8.1, the best aspects of the OS got dumped. It's quite clear that the OS is on life support, they'll try with W10M, but it will go nowhere, it won't get the market share it needs for critical mass. What MS will do with it, I can't predict, but they bought a phone business, so I guess they'll keep on going with it.

Re: Haven't Windows Phone users learned by now?

[nikkipolya]

But at least other app's, like the camera, acrobat reader, google maps etc. don't hang on me on my wife's iPad. All of the above app's including chrome keep hanging all the time on my tablet. The touch goes unresponsive for a long time. Sometimes I would want to capture a moment but end up losing it because the camera app took a long time to respond. All the videos that I have recorded with my motorola tablet tend to have a jerky moment at about fixed time intervals. No, I don't have a microSD card. Same is the case with my android phone.

Re: Haven't Windows Phone users learned by now?

[cyber-vandal]

It will replace Blackberry in the corporate market. No other phone integrates as well with other Microsoft technology.

Re: Haven't Windows Phone users learned by now?

[Karlt1]

What Microsoft technology? IOS works just as well with Exchange via ActiveSync.

On an unrelated note, I find it ridiculous that while the standard Mail program in the Mac has built in Exchange support, Windows doesn't.

Re: Haven't Windows Phone users learned by now?

[ArmoredDragon]

As far as Microsoft's business software, every other smartphone platform integrates equally if not better than WP.

The only thing WP does better is integrate with an Xbox, which if you aren't a console game player and/or you otherwise don't own an xbox, then it's kind of irrelevant.

Re:Haven't Windows Phone users learned by now?

[DogDude]

For a "dead" phone, mine works just fine, thanks. Somebody must have given you some bad information.

Re:Haven't Windows Phone users learned by now?

[DogDude]

I'm a windows phone user, and I can admit that it's dead.

You should probably go back to the phone store and buy another one if yours is dead. Mine is working just fine!

Re:Haven't Windows Phone users learned by now?

[Grishnakh]

This is also why the malware writers are moving to the Windows Phone store. Anyone naïve enough to buy a Windows Phone is also a prime target for a scam.

Re:Haven't Windows Phone users learned by now?

[Grishnakh]

That's weird, my two-year-old Samsung Galaxy S4 seems perfectly responsive.

Maybe you should upgrade to a newer device with at least 2GB (which is what my phone has). My last phone (which is now 4-5 years old) only had 1GB IIRC, and it was indeed slow and laggy. Of course, it also didn't have any support and had an ancient version of Android. For all I know, it could have been infected with malware thanks to the wide-open security holes in unpatched devices like that.

The real problems with Android are the lack of support/upgrades, and all the bloatware. But at least on Android there's 3rd-party ROMs available for many devices, so you have the possibility of moving to something like CyanogenMod if your device loses support as so many do. iDevices retain support a bit longer, but once they're dropped, that's the end.

Re:Haven't Windows Phone users learned by now?

[macs4all]

iDevices retain support a bit longer, but once they're dropped, that's the end.

A "bit" longer?

Apple Released an update (iOS 5.1.1) for the First Generation iPad (introduced in 2009) in May, 2014. That's FIVE YEARS of Support(!!!) iPad 2 and beyond is still being supported, BTW.

That's way beyond "a bit longer" than pretty much every Android Device, except possibly the Nexus line, and it is probably even longer than those.

Re: Haven't Windows Phone users learned by now?

[macs4all]

Actually, BlackBerry integrates with Exchange and Office better than Windows phones do.

But likely no better than iOS does. I can't speak for Android.

Re:Haven't Windows Phone users learned by now?

[Windowser]

Yes, but it makes the old iDevice so slow that you are forced to go buy a new one.
That's not what I call support.

Re:Haven't Windows Phone users learned by now?

[Maxo-Texas]

I have a windows phone.

It's worked quite well for me and been about 80 dollars a month cheaper plus it has unlimited music bandwidth.

It cost me $120 to buy - out right -.

I was on Iphone's first. But AT&T got way too pricy.

Then i was on Android. But Sprint got way too pricy.

Anyway, currently have soundforge, pandora, waze, my bank app, a finance app to track my stocks, etc.

Admittedly, one reason i went to windows was fewer virii at the time. So if virus intrusion has become a problem, then that's one point lost.

Re:What's with calling them "Fake Apps"?

[jargonburn]

They probably meant to say that they're not true apps. No true app could be a knock-off, malicious, useless, etc. </rofl>

Re:What's with calling them "Fake Apps"?

[Lunix+Nutcase]

Fake as in "imitation". Which is precisely what a "knock-off" is.

Re:Why are there so many security researchers ?

[nikkipolya]

They get hired at all the major companies including non-IT/software companies. They are there to ensure the websites, applications, IT infrastructure etc. are secure. Apart from that many also do consulting on their own for quite a good sum of money. Recently a telco customer of ours hired the services of a security consultant for $570 per hr for over a few months to oversee the roll out of LTE.

Comment Subject

[viperidaenz]

Maybe they found it easier to personally email both Windows Phone users to warn them of the risks.

Re:Comment Subject

[Barlo_Mung_42]

I'm one of them and I don't mind. It gives me perspective for all the pain Mac users continue to go through, watching the platform they like struggle along with low adoption numbers. At least I'm not a Linux fan I guess.

Re: Comment Subject

[Barlo_Mung_42]

Depends on the software. There are lots and lots of things that are still windows only.

Re:Comment Subject

[ArmoredDragon]

Eh Microsoft and the WP fan base have been predicting that every year for the last four years.

In fact, remember last year when Microsoft and its fans were constantly hitting blogs and twitter about how WP is the world's fastest growing platform? And how did that turn out?

Re: Comment Subject

[macs4all]

Depends on the software. There are lots and lots of things that are still windows only.

True; but Windows-Only software is getting niche-ier and nich-ier every single year.

And since it is trivial through VMWare and Parallels to seamlessly run Windows in a way that integrates the Windows Apps onto the OS X Desktop almost as if they really were OS X Applications, and alongside of Linux Apps as well, if desired/required, Macs still make the most versatile computers, and have for several years.

Re:Comment Subject

[Windowser]

In fact, remember last year when Microsoft and its fans were constantly hitting blogs and twitter about how WP is the world's fastest growing platform? And how did that turn out?

It is easy to double your market share when you only have 0.5% of it.
Statistics : what they show is subjective, what they hide is vital

If I was Microsoft, here's what I'd do.

[GoodNewsJimDotCom]

I'm not sure if this is legal or not, but if they made an iOS and Android emulator so you could run both iOS and Android apps on the Windows phones, some people might get a Windows Phone then who'd otherwise be getting one or the other because they figure they get all types of compatibility.

Then I'd make backwards compatibility to Windows Vista where all windows versions could run: Windows Phone apps, iOS apps, and Android apps. It is very very important to do this similar to a sandbox where the apps can't escalate privileges and whammy system files like the old Windows .exes do.

Then suddenly you not only fixed the windows phone, but the #1 problem with the Windows operating system in the Internet age. The windows operating system is just not designed to download random .exes with wild abandon like it should. Part of the reason Windows lost share to Apple in the late 90s is because Windows was targetted by viruses more. If you're doing sandboxed apps as the future of Windows, suddenly it is very very hard to get a virus all of a sudden. Windows users would rejoice with having Windows Apps they could run on their PC without worrying about being hosed. Windows could even allow an app data backup cloud, so in the case you do get a virus in the old ways, when you reinstall your PC, all the apps can reinstall with your saved data. Just being able to explore downloading lots of free app software without worrying it making your computer die would be awesome. It is what we should have had with Windows 98 if Microsoft took the hard road and completely redesigned their operating system that an .exe couldn't make changes outside its install directory and other virus resistant moves. Instead of downloading every piece of cool looking software on the Internet, the slight chance it could be a virus means we just roll with the software we need to use.

I think a lot of Windows users would love to be able to use Android and iOS apps also. Throw in the weird functionality of a Surface pro they're trying to market of being a touch screen PC, and running Windows/iOS/Android apps on them only make sense.

Re:If I was Microsoft, here's what I'd do.

[tlambert]

I'm not sure if this is legal or not, but if they made an iOS and Android emulator so you could run both iOS and Android apps on the Windows phones, some people might get a Windows Phone then who'd otherwise be getting one or the other because they figure they get all types of compatibility.

This would be the third worst tactical blunder of all time. The most famous of which is "never get involved in a land war in Asia" - but only slightly less well-known is this: "Never go in against a Sicilian when death is on the line"!

The correct thing to do is build Windows emulators for iOS and Android, rather than the other way around.

This will cause developers to target their development for Windows, rather than targeting iOS or Android. This get Microsoft native apps, and at the same time, detracts from having those same apps native on iOS or Android.

FreeBSD made the mistake of building a Linux emulation layer for FreeBSD, instead of a FreeBSD emulation layer for Linux, which would have had developers working on FreeBSD native code, rather than Linux native code.

Re:If I was Microsoft, here's what I'd do.

[GoodNewsJimDotCom]

I think either yours or my idea or even both would be a good move to add more Windows Phone users. The nice thing about your idea is that it requires less hoop jumping to keep things up to date as Apple/Android update. And even for a big corporation, constant reverse engineering and updating gets old and costly.

Re:If I was Microsoft, here's what I'd do.

[ChunderDownunder]

if they made an iOS and Android emulator so you could run both iOS and Android apps on the Windows phones

They are. Windows Bridge for iOS/Android - allows one to port applications to Windows Phone using Visual Studio.

Re:If I was Microsoft, here's what I'd do.

[tlambert]

I think either yours or my idea or even both would be a good move to add more Windows Phone users.

Realize that I don't necessarily believe that more Windows phones are automatically a social good; I just believe that if that were Microsoft's goal, the way to achieve it would be for Microsoft to encourages developers to target them as a platform. This would incidentally benefit Microsoft by having developers target their code to Microsoft's IDE, rather than X Code or Eclipse.

Again, this is only about Microsoft's best interests in regard to establishing market share, and not about what I believe is necessarily a social good.

Re:If I was Microsoft, here's what I'd do.

[slaker]

OK, but what's the killer application that Android or iOS users that Windows Mobile has to get them to put the emulator/run-time on their devices in the first place? What makes anyone think that Apple would allow such an application to exist in its app store?

Re:If I was Microsoft, here's what I'd do.

[ArmoredDragon]

The problem is every time we've seen this happen, it's always backfired on whoever is trying it.

For example, when OS/2 added Win32 support, nobody wrote anything for OS/2 anymore. Why? Because it was easier to just write the Win32 program and just ignore OS/2.

Three years ago Google did the smart thing and pulled the reverse against Apple: They wrote an application framework that made it easy to port Android apps to iOS.

Besides, their "bridges" don't solve the number one problem with porting apps: Ongoing support costs. Initially porting the app is perhaps the least expensive part, so at best it solves "a" problem, but not "the" problem.

Why do you think major banking companies like Chase and Wells-Fargo pulled their WP apps even after they already had a working app? Because they no longer wanted to provide support services to a platform that didn't have enough users to justify spending any further money on.

Another problem you run into is that e.g. Android apps are going to be built with the Material Design Language, which uses lighter colors and depth perspective, and therefore doesn't at all mesh with the "Modern Design Language" which uses flat (i.e. zero depth) fisher-price colors and big ugly white on black text.

No need to panic

[arglebargle_xiv]

No need to panic, I've talked to the Windows Phone user and he says he doesn't use their app store, so it's all good.

Re:No need to panic

[invictusvoyd]

Baman the Shaman says , the ghosts of Nokia are inserting malicious code in the malicious code of windows apps to avenge their company .

Re:No need to panic

[tripleevenfall]

Ballmer, when the walls fell
Satya, his eyes closed
Windows app store, his arms wide
Windows phone, at rest

Re:No need to panic

[0123456]

I only know of two groups that care about the desktop: Outlook users and Word users. No one else cares.

Basically, just about anyone who does real work cares about the desktop. People who just need a computer to post funny cat pictures are fine with their phones.

If the desktop is becoming irrelevant, it's because Microsoft made it so when they pushed a phone UI onto desktop machines.

Re:No need to panic

[macs4all]

Ballmer, when the walls fell Satya, his eyes closed Windows app store, his arms wide Windows phone, at rest

Now THAT's good!

You win one Internets for the day!

Re:No need to panic

[macs4all]

I only know of two groups that care about the desktop: Outlook users and Word users. No one else cares.

You sir, are an idiot.

Name one DAW that runs in a browser.

Name one NLE that runs in a browser.

Name one CAD/CAM package that runs in a browser.

etc.

I could go on; but I'm sure I would end up stumbling on some obscure browser-based application, and Slashhaters would jump all over it. But you get the point.

Re:No need to panic

[unrtst]

It's funny how we think that a Windows Phone OS market share that is 50% higher than Linux desktop OS marketshare is just laughable ;) Latest numbers has Windows Phone share at 2.6% WW, and Linux Desktop OS share at 1.7%.

It's funny how Microsoft proponents primary excuse for the abundance of viruses affecting Windows versus other OS's was due to it's formidable market share.

We're now in the completely opposite situation on mobile platforms, and both Android/Linux (google play) and IOS (apple store) have FAR larger market share, and also address the "fake apps" faster and more thoroughly.

What's the excuse now?

PS: I'd also question the market share figures. Even if they were perfect, there's still the fuzzy definition of "desktop". I also doubt the number can be accurately reported, due to the way linux is distributed. All that said, 1.7%, while it looks like a small number, should actually prove its significance when one considers similar numbers and their impact - such as Windows Phone, which is considered to be doing poorly, but is still taken seriously.

We have to redefine "malicious"

[DNS-and-BIND]

From the post on Avast's blog, the ones who started this whole thing, the scam is evidently to put out software with the same name as 50 different major companies, wait for people to mistakenly download, and pay $1.99 for the app. That's not much of a major criminal scheme, it's pretty pathetic and it is well within the powers of a major corporation like Microsoft to shut this down.

The really eye-opening part is when one of the "malicious" apps is defined as the following:

"Claiming to âoeprotect your phone from malware and theftâ, this malicious app runs in the background of victimsâ(TM) devices once downloaded and collects their data and location."

This is what Windows 10 does by design. I think we need to redefine what "malicious" means. In both softwares you clicked "I agree" to the T&C before continuing.

Re:We have to redefine "malicious"

[avandesande]

Anyone that installs something called 'Malicious App' deserves what they get ;-)

Re:Why are there so many security researchers ?

[darkain]

Because there is little difference between "Software Engineer" and "Security Researcher" - it is really just a term for the clueless article writers to attempt to grasp at what we do. More often than not, security issues are found on accident by regular developers just doing their normal day-to-day jobs, and stumble upon something. Then in their spare time, they dump their findings on their blog, and them BAM, they're all of a sudden a "Security Researcher"!!!

APPS!!

[darkain]

Crap, better take down Mind Croft by Macrosoft before I get caught!

Already exists (Project Astoria)

[cbhacking]

The thing you talk about - Android and iOS apps on Windows phones - already exists (in preview form, at least). Originally called "Project Astoria", Microsoft seems to have decided to call it Windows Bridges, and is only for Windows 10 Mobile (not out yet, but the previews have been publicly available for months). Android and iOS apps can be recompiled for Windows with minimal effort. There's also a feature of Project Astoria that lets you run Android APKs directly, unmodified, on W10M... but that one seems to be in limbo, and may or may not see official release (the Android permissions system is different enough from the Windows Phone one that it apparently causes some problems).

What is Microsoft doing about this?

[Kid+CUDA]

The article is interesting but fails to ask the most important question: what is Microsoft doing about this? It feels like they're not doing anything. Just another sign of the impending death of Windows Phone.

Re:Article by Apple??

[ChunderDownunder]

Great would mean people queue up outside stores days in advance to get one.

Nah, that is insanely great.

Re:Article by Apple??

[sd4f]

If I didn't have my heart set on the retro thinkpad project, I'd most probably go for a surface, probably the surface book.

Re:What's with calling them "Fake Apps"?

[Lunix+Nutcase]

Are you just being incredibly obtuse? A "fake" app is one that is trying to pass itself off as another app but is not that app

Re:So embarrasing for Microsoft

[slaker]

Businesses will buy expensive phones if they do the things they need and support integration and management with the systems they already use. You really need third party tools to manage iOS and Android's all rely on Google Apps and have weird holes in their capabilities (e.g. device backup is a PITA). If the argument is for getting phones for middle managers who aren't important enough to demand an iphone and exemption from IT policies, having policy-based management that's already built into your enterprise directory system is probably a decent argument. I'm thinking this is more of a push to eat what's left of RIM's market.

Microsoft's Surface devices may to a certain extent be a "showing of the flag" rather than a highly competitive design. I support Surfaces in my organization and I think they're pretty great, but I say that with the understanding that they're as much a nudge to wider portable PC hardware manufacturers and to engage Apple in a certain amount of one-upmanship as they are compelling devices. It's a radical sort of product that can be made to serve in a wide variety of situations and putting them out in the world may be providing the impetus for improvements in other portable hardware.

Re:What's with calling them "Fake Apps"?

[unrtst]

Are you just being incredibly obtuse? A "fake" app is one that is trying to pass itself off as another app but is not that app

Stop being an apologist. They shouldn't be referred to as "fake apps".

Back in the day, virus emails would include a "fake image attachment". It was fake because it wasn't an image, but was an exe. It was meant to get people to click it, or to get the email client to automatically run it. Things like, "flower.jpg.exe". Or using the unicode left to right override, such as "Great Song by [U+202e]3pm.SCR", which would be displayed as "Great Song by RCS.mp3", but executed as a screen saver.

Impostor, Scam, Phishing, Fraudulent... there's plenty of applicable names, but it's not a "fake app" unless it's not an app**.

** at the very very least, it shouldn't do anything like what its name suggests. For example, back in December 2014, there were 3 entries in the Apple App Store for "Quickoffice ...". Two of them actually included a word processor and spreadsheet - those were not fake apps. One of them was just a grey screen with a button reading "TAP" that closed the window. Maybe the latter could be considered a fake app.

What Could Go Wrong?

[mschwanke97402]

We'll set up our own app store. It takes care of itself. Nearly no staff required. It's all profit!

Re:What's with calling them "Fake Apps"?

[Lunix+Nutcase]

Stop being an apologist. They shouldn't be referred to as "fake apps".

Because you're being autistic? Anyone who isn't being intentionally dense understands what the phrase meant.