Mobile Application Frauds
The two popular operating Systems Android and iOS account for almost 98% of world market. Most smartphones work on either one of these Operating Systems. It may be good to compare the mobiles to the human body:
• Phone devices or Smartphones are the Skeletal System;
• Operating Systems are the Central Nervous System (CNS) – the brain and spinal cord;
• Mobile apps are the peripheral nervous system (PNS) – the nerves which carry messages and signals to the other parts of the body.
While the OS and smartphone hardware are essential, the functionality or features of smartphones get greatly enhanced by applications. Some apps are developed by the operating System developers too and integrated into the OS. However, most apps are developed independently.
These applications which attach to the OS are called 3rd party apps. The third-party apps can also be of different types: –
(i) Apps developed in-house by Companies like FB, Twitter, Snapchat, Tumblr, Instagram, Google Pay, Amazon, Paytm, etc.
(ii) Apps developed for companies by outsourcing – the companies give contracts to developers for developing apps but the ownership and copyrights remain with the company e.g., Yono SBI, HDFC, ICICI, Axis, etc.
(iii) Apps developed independently by third party developers – these may be developed independently by third party developers – these may be developed to provide lighter versions with limited features for those smartphones which are not high-end or even as substitutes for the genuine ones of the bigger companies. In this case, given a choice, it is always better to choose apps developed by the companies or trusted developers. Usually, the total number of downloads for an app an app reviews can be good guides before downloading;
(iv) Apps developed by third parties – some independent, standalone apps keep getting developed by various developers. These apps can cater to anything from reading or recitation of scriptures like Bible or Quran or Gita.
Apps can cater to various aspects from productivity to travel, etc. sports, finance events, education, beauty, business, comics, autos and vehicle, dating, social communications or entertainment or games or movies or books, etc. The independent developers keep looking for opportunities – business opportunities and making apps. These apps are then posted on Play Store for Android or App Store for Apple products for users to review, download and use them, most user interests are covered by different categories and there are literally millions of apps for users.
Problems with Apps
Google and Apple take abundant caution to ensure that unscrupulous or defective or malicious apps or those which violate copyrights do not find place on their databases. However, most such Scrutiny is automated. The unscrupulous developers can find a way out to hoodwink the security checks and find place on Play Store for downloads.
If the apps are duplicate or malicious and are either not from genuine companies or certifications, they could pose risk to the users. Therefore, checking the genuineness and authenticity of apps is imperative.
It is also advisable to check what ‘permissions’ an app is seeking at the time of download and installation. Some of the permissions may be denied or switched off by the user, if he does not want them to be used all the time.
Some fraudsters develop apps which fake the genuine ones in all their visible features. This way, they tempt users to download them. However, once the fake apps are downloaded, they create backdoors on the smartphones for the attacker to virtually control your phone remotely. Therefore, extreme caution should be exercised while downloading apps especially those connected with finance, money or banking matters.
Mobile apps are utility softwares and often shortcuts to different needs/ requirements of users. Users become habituated or even addicted to certain apps, and therefore there is a tendency to ignore security cautions/ warnings.
Fraudsters and criminals use these security breaches to infiltrate the mobile phone users through popular apps.
Trojans and/or Backdoors:
Attackers or fraudsters use mobile apps to infect applications with Trojans or Backdoors – remember the use of Horse by Joan of Troy to push soldiers in a dummy horse to win a war!!
The attackers make malicious programmes or softwares inside the applications. These programmes are called Trojans or Backdoors and allow the attacker to access the entire phone of the victim, depending upon the purpose and capability of the trojan.
The attacker can get access to your computers/smartphones – their messages, OTPs, Camera, contact lists, emails, photographs, documents, personal chats or personal details like those of Aadhar, PAN, bank Accounts, bank transactions, personal details and virtually everything stored on the computer, or one does or intends to do on a computer.
The trojans can modify the computer or smartphone’s security and also show obscene information, obscene advertisements, requesting sign-up for malicious websites or apps or steal your personal information including passwords or sensitive info.
Sometimes, malicious apps and Trojans can also be used by fraudsters to send SMS or WhatsApp or email messages to the victim’s contacts, seeking desperate financial assistance or even sending forged or morphed photographs or images to others to defame the victim.
Cautions against Trojans or Backdoors–
(i) Always install mobile apps from official applications or trusted sources. Google Play Store usually displays VERIFIED apps for users;
(ii) Take a closer look at app permissions which you are granting. Before downloading the apps, please go to the section ‘About This App’ and read the details. Towards the end there is a tab on ‘App Permissions’.
Read the details about app permissions carefully, and before downloading or installation.
‘Googling’ or google search about the app and app permissions individually to understand what are the security implications of granting or agreeing to the app permissions. E.g., If you are downloading only an app for clicking photos or enhancing images, it may not require access to the microphone of the smartphones or a gaming app for say playing chess may not require permission for sending emails or contacts;
(iii) Always download security updates or patches from the smartphone or OS manufacturers;
(iv) Install anti-virus apps if possible;
(v) If your phone has suspicious activity, it is better to uninstall the malicious apps and may even re-boot the phone.
Rupin Sharma
rupinsharma@gmail.com
