The cybersecurity firm Symantec has brought to light about 152 fake Android apps masquerading as apps from Reliance Jio on the Play Store. The apps are widely circulated online with the promise of free data packages ranging from 25GB to 125GB, for periods varying from one day to one year. To recall, Reliance Jio launched 4G VoLTE services back in 2015 to commemorate the 83rd birthday of Reliance Industries founder Dhirubhai Ambani. It attracted 4G customers to its network by offering free data packages and thereby created ripples in the telecom space. In no time, Reliance Jio became the largest 4G network provider in India, and the telecom giant now has a healthy user base of more than 300 million subscribers.
The Symantec research revealed some interesting facts. The firm found that the fake apps easily duped Jio customers, thanks to icons and a user interface that closely resemble the real ones. The main motive behind the false claims seems to be generating advertising revenue for the app developers. Users who downloaded the apps did not receive any data benefits; rather, they were used as a source of income. The firm further found that more than 39,000 users installed these fake apps between January and June. The majority of the users are from India.
So, how did the fake apps succeed in duping such a large number of users?
The success of these pseudo apps can be attributed to four major reasons: similar app icons and user interface, a false impression of progress, encouraging users to share the apps with their contacts to avail of free offers, and finally tricking users into clicking ads.
Let’s check each of them in detail:
Similar app icons and interface:
All the apps display similar app icons, with slight variations in the app names, which easily tricks users into downloading the malicious apps. Further, the user interface is strikingly similar to that of the original My Jio app, leaving users little reason for suspicion.
The false impression of progress:
In the next step, the app asks users to enter their mobile number. After the user enters a number, a rotating progress circle appears, giving the impression that the app is connecting to the Jio servers. In reality, nothing of the sort happens. After some time, the app displays a congratulatory message saying that the user is eligible for the offer. Symantec found that the app grants free data eligibility to all users, irrespective of the validity of the number.
Share the app with contacts:
Next, the fake apps ask users to share the app with ten contacts to avail of the free data benefits. Some apps did not even ask for the user's consent and automatically shared the app with the user's contacts via SMS. The messages contained the download link of the malicious app.
Tricking users to click ads:
The final step is to dupe users into clicking display ads on the pretext of offering free data. Once the user clicks the ads, a barrage of web pages opens on the device.
Mitigation measures to stay safe from such malicious apps
- Install apps only from trusted sources
- Keep your phone software up to date
- Do not install apps from untrusted sources
- Back up important data frequently
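
The two traits described above, app names that vary only slightly from the real one and sharing to contacts over SMS, can be checked against an inventory of installed apps. The following is an added example, not code from Symantec or from this article; the official label and package name, the two Android permissions used as the SMS-sharing signal, and the sample inventory are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumptions (not from the article): the official label and package name, and
# that silent SMS sharing to contacts shows up as these two Android permissions.
OFFICIAL_LABEL = "MyJio"
OFFICIAL_PACKAGE = "com.jio.myjio"
SEND_SMS = "android.permission.SEND_SMS"
READ_CONTACTS = "android.permission.READ_CONTACTS"
SPREAD_PERMS = {SEND_SMS, READ_CONTACTS}

def normalize(label):
    """Lowercase and keep only letters/digits, so 'My-Jio 4G' becomes 'myjio4g'."""
    return re.sub(r"[^a-z0-9]", "", label.lower())

def brand_score(label):
    """Similarity to the official label; containing the brand token counts as 0.8."""
    norm = normalize(label)
    ratio = SequenceMatcher(None, norm, normalize(OFFICIAL_LABEL)).ratio()
    return max(ratio, 0.8 if "jio" in norm else 0.0)

def triage(apps, threshold=0.75):
    """Return (package, severity, reasons) for non-official apps using the brand."""
    findings = []
    for app in apps:
        if app["package"] == OFFICIAL_PACKAGE:
            continue  # the genuine app is allowed to look like itself
        score = brand_score(app["label"])
        if score < threshold:
            continue
        reasons = [f"label resembles {OFFICIAL_LABEL} ({score:.2f})"]
        spread = SPREAD_PERMS & set(app["permissions"])
        if spread:
            reasons.append("can message contacts: " + ", ".join(sorted(spread)))
        severity = "high" if spread == SPREAD_PERMS else "review"
        findings.append((app["package"], severity, reasons))
    return findings

# Constructed inventory; every package name except the official one is made up.
SAMPLE_APPS = [
    {"label": "MyJio", "package": OFFICIAL_PACKAGE, "permissions": [READ_CONTACTS]},
    {"label": "My Jio Free 125GB", "package": "com.example.freedata", "permissions": [SEND_SMS, READ_CONTACTS]},
    {"label": "Jio 4G Offer", "package": "com.example.offer4g", "permissions": []},
    {"label": "Calculator", "package": "com.example.calc", "permissions": [SEND_SMS]},
]

if __name__ == "__main__":
    for package, severity, reasons in triage(SAMPLE_APPS):
        print(severity, package, "; ".join(reasons))
```

A match on the package name alone does not prove an app is genuine; verifying the installer source and signing certificate is a separate check that this sketch does not perform.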