How to Avoid App Store Scams

Apple’s and Google’s approval guidelines are notoriously lax—and they won’t keep out apps that are after your money and data. Here’s how to sniff them out.
Photograph: James D. Morgan/Getty Images

Despite Apple’s review process for apps on the App Store, sometimes terrible scams slip through. Even more so for Google’s Play Store, where apps aren’t subject to human review before going live. If you’re having a hard time figuring out how to avoid app store scams, you’re not alone. Fortunately, there are some helpful guidelines you can follow to keep yourself safe.

Scam apps come in a variety of forms. Some will pretend to be popular, legitimate apps, or even spoof the name of a feature of the operating system itself, only to inject their own obnoxious ads that appear out of nowhere, steal your personal information, or download malware. Other scams offer a simple service, only to charge exorbitant subscription fees before letting users try the app themselves, and then fail to deliver. Regardless of what form the scams take, the best protection is to avoid installing these apps entirely. With that in mind, here are some key signs to watch for.

Don’t Trust Star Ratings on Their Own

Both Apple and Google prominently feature an average star rating for each app, to give you a quick, easy-to-understand idea of how users view an app. An app with an average rating of 4.7 stars is probably more trustworthy than an app with an average 1.7-star rating, right?

Unfortunately, it’s not that simple. Not every star rating comes with a written review, and it’s relatively easy for malicious actors to game the system by generating (or buying) mass ratings to tip the scales. An app with hundreds of bad reviews but tens of thousands of 5-star ratings can seem like it’s very popular, even though most people who have actually used it hate it.

This is what developer Kosta Eleftheriou found while researching an app that had a 4.6-star rating. Eleftheriou found that the vast majority of written reviews had 1-star ratings. Looking at only those ratings that came with accompanying reviews, the app’s rating dropped to 1.6 stars, a massive difference. If an app were legitimately as good as a 4.6-star rating would make it seem, it would be reasonable to expect at least some more positive written reviews, but the majority of negative reviews tell a different story.

This often happens with popular apps that have basic, easily reproducible features. “Most scammers go after high-traffic keywords and categories such as wallpaper, weather, scanner, and VPN apps—to name a few,” says Eleftheriou. “They then look at some of the popular apps and clone their basic functionality, focusing more on how to lure new users in and get them to sign up for the service, hoping they will then forget to cancel or won’t know how.”

Eleftheriou is currently suing Apple over alleged abuses of its monopoly power.

Read Reviews (and Not Just the First Few)

Since star ratings can be gamed to be deceiving, it’s worth reading the reviews themselves. But if you think that means you can just glance at the first couple, here’s even more bad news: Those can be gamed too. A small cottage industry of review sellers exists so that shady developers can buy fake reviews to boost their app’s performance (or harm a competitor’s), in order to rank higher in app stores.

One common trick for review manipulators is to use dummy accounts to mark a particular fake review as “helpful,” which will make it appear higher in the list of reviews. If you scroll to the review section on an app’s listing, the first few reviews you find can sometimes be artificially pushed higher. Swipe through to see a few more on a scam app’s listing, and you might start to see very different reviews.

“The good thing is that, unless we're talking about a brand-new app with no reviews, scams will inevitably accumulate a lot of bad reviews, particularly ones that literally accuse the app of being a scam,” Eleftheriou said. “And while scammers can try to drown these reviews with fake ones, they can't ever make the bad ones go away.”

One way to make sure you’re getting the real story on an app is to check out the 1- and 2-star reviews first, to see what specifically made people dislike it. There will always be negative reviewers who are simply complaining because they didn’t understand how an app works or because they have a grudge. But if you find dozens of reviews saying an app stole money or doesn’t do what it claims to do, that should give you pause.

Don’t Give Money Without a Free Trial

An app that injects ads into your phone is annoying enough, but when an app demands money for a service it doesn’t actually perform, that’s even worse. No matter what app you’re trying to use, maintain a clear red line in your mind when it comes to turning over cash. No app should get your money unless you have good reason to believe you’ll get what you paid for.

One key way to avoid getting cheated is to insist on a free trial. Both Google's and Apple’s stores have mechanisms that developers can use to offer trial subscriptions to their services, and both have policies requiring developers to disclose how to cancel a subscription before a user gets charged more than they expected (though some scammy developers still skirt around this requirement). In general, you can expect at least a three-day free trial for any subscription-based service, and you should be able to cancel before you get charged.

Of course, scam developers hope you’ll forget and pay for a service you don’t actually use or want. Some scam apps have been found to start with a three-day free trial but quickly pivot to a $10 charge every week. Not month. Week. Some variation of these scams has been happening for years. These charges can add up fast, and if you’re not paying attention to what you agree to, you could end up shelling out nonrefundable money for an app that doesn’t do what it claims.

If you’ve already read an app’s reviews and decided to give it a chance, start a free trial and test it immediately. Don’t let free trials sit, and cancel them immediately if you decide an app isn’t worth it. And make sure you check out how to cancel subscriptions through your phone. Both Google and Apple have tools to cancel all your existing subscriptions in one place, so you don’t have to dig through each app’s settings to find the button that the developer doesn’t want you to find.

Avoiding apps that want to steal your data or install malware can be harder, since they won’t always have an obvious threshold like asking for payment information. One way to get around this is to treat your permissions as a similar filter for apps you don’t trust. Not sure why a weather app needs access to your contacts? Don’t grant it. And, once again, if you’re not sure whether an app is out to steal your data, read the reviews.

Above All, Seek Trustworthy Recommendations

Chances are good that if you find a new app to try out, you’ll find it through your phone’s app store, but that’s not your only option. As we’ve seen, rankings, reviews, and ratings can all be gamed, and sometimes whole companies exist to manipulate them. So if you’re looking for a new to-do list app or PDF scanner, try finding sites or forums with suggestions first.

Many sites (like WIRED) will round up apps in a particular category, and will test or research them for you. It's still a good idea to check out the apps for yourself, but starting with a recommendation from a human who was paid to vet them can serve as a useful first filter.

You can also get recommendations from forums, groups, or even just friends and family. No one’s paying these people anything, not even to vet apps, so you’re more likely to get a recommendation for an app that was genuinely useful to them. That doesn’t mean you should blindly trust any stranger you meet on the internet, but if everyone in a group agrees that Discord is a better way to socialize than Zoom, then it’s at least worth starting your search there.

Unfortunately, there’s no silver bullet to defeat app store scams. But if you find recommendations from people you trust, treat ratings with skepticism, carefully read reviews before downloading, and never give an app money until it’s proved itself to you, you’ll do a far better job of avoiding scams than the average user.

