Bogus Apps Collect Private Data

About Author

Picture of Oren Todoros

Oren Todoros

Oren is a cybersecurity and digital risk intelligence expert at BrandShield, focused on protecting organizations from online fraud, brand impersonation, and phishing attacks. He writes about emerging threats across digital ecosystems and strategies for proactive brand protection at scale.

BrandShield combines advanced AI and expert enforcement to help brands detect and remove online threats fast. Stop infringement, safeguard your reputation, and build lasting trust; all in one platform. Book a demo to learn more.

With the popularity and convenience of shopping on-line, it should be of no surprise that counterfeiters would find new ways to cheat consumers and damage brand names.

Fake retail and product apps have appeared in Apples App Store, just in time for holiday seasons. Counterfeiters have disguised themselves as legitimate retailers, like Dillard’s, Zappo’s and Nordstrom, selling brand name luxury products like Jimmy Choo, Christian Dior and Salvatore Ferragamo. Branding Brand, a company that helps retailers build and maintain apps reports that they are seeing a barrage of counterfeit shopping apps designed for the iPhone.

The apps, most of which come from China, slip through the Apple review process. Although Apple does claim to review apps that improperly uses another company’s intellectual property or cause harm to consumers, it is difficult to police the thousands of apps that are submitted each day. One of the primary risks that Apple is looking to stop is malware and other malicious software.

What’s different about these shopping apps is that the objective is not to sell counterfeit products but to obtain credit card information. The unsuspecting shopper sees an offer for a desirable luxury good at a price that is very attractive. To purchase the item, the shopper must enter their credit card number. The transaction appears to have been completed, but of course, the shopper will never receive the item. The counterfeiter, however, has received what they want, a credit card number. In some cases it is reported, the app can also contain malware that can lock the phone until the consumers pays a ransom. In some cases, the apps ask for Facebook information that potentially exposes the consumer from having personal information exposed.

It really becomes the responsibility of brand owners to watch for fake apps must the same way they search for rogue websites.

Apple has already removed hundreds of fake apps after articles in the New York Times and New York Post brought attention to the issue. Apple continues to evaluate and remove the apps that don’t operate as intended or follow Apple’s guidelines.

However, fake apps will continue to be employed by counterfeiters as the rise in on-line shopping, especially from mobile devices. There are obvious red flags on bogus apps, as there are with bogus website. Misspellings, functions that don’t work, butchered text, etc. In one fake New Balance app, for example, the tab for phone support did not include a phone number and stated “Our agents are available over the phone Monday – Friday.”

Get a Free Brand Assestment

See how BrandShield uncovers counterfeit networks, detects brand abuse across marketplaces, social and AI platforms, and removes threats quickly and at scale.

Recommended for you