App Store Flooded with Phony Retail Apps to Kick Off Holiday Season

The holiday season has officially kicked off, which means a number of things for many of us: seasonal cheer, quality time with loved ones, and admittedly for many, lots and lots of shopping. And these days, many of holiday retail sales are happening online. Unfortunately, that also means now more than ever, there’s more holiday-related cybercrime about. In the latest news, ‘tis the season for fake retail mobile apps, designed by cybercrooks to prey on seasonal gift-buyers.

Hundreds of devious apps have appeared in Apple’s App Store, masquerading as the official versions by retailers people know and trust. Imagine an unsuspecting user, trying to score a jacket they’ve had their eye on for months, downloading an app from a retailer likely to sell it. They’re then hit with a special offer of a malicious kind — and they won’t be giving thanks.

Next, any number of consequences can occur. A plethora of fake apps, made by different cybercriminals, is circulating—so there’s a range of profiteering tactics out there. Some merely serve annoying pop-up ads. But other situations can be more severe. For example, credit card information could accidentally be sent to a cyber crook posing as a retailer. And what if you mistakenly authorize a phony app with your Facebook account? Hopefully you haven’t given away permissions to your account, but at the least, your Facebook is likely on some rogue’s list of accounts to run tricks on later. Worst case scenario, these fake apps could actually operate in the background of your device, actively stealing data wherever you may enter it.

That’s already a bad situation, but then consider how easily people can fall victim. The stores being imitated are recognized and popular — Dollar Tree, Foot Locker, Dillard’s, Nordstrom,, Christian Dior, and many others. So the chances are high that cyber crooks will get their sought-after downloads. There’s also the fact that, for someone caught up in the drama of holiday shopping, consumers won’t necessarily be inspecting every store’s mobile interface and ratings for legitimacy.

Now to be fair, Apple has already eliminated many malicious apps from the App Store since major news outlets began reporting on this issue. However, it’s worth noting that ill-intentioned developers behind these fake apps are capable of putting new ones up in the App Store. Chris Mason of Branding Brand, an app building and analytics company, even described the whole process as “a game of whack-a-mole.” It’s quite possible the threats will continue to surface, and users will need to be vigilant to avoid them.

At the end of the day, the holidays are precious — they’re a time for celebration. The good news is that we can certainly still enjoy them, even when shopping on mobile. By making sure to use the right safety precautions, everyone can keep the coming months positive and festive. After all, this time of year is all about appreciation, quality time, and admittedly for a lot of us, the best seasonal sales!

So remember these tips for shopping safely on your mobile device:

  1. Review before you download. How much time do you spend researching an app before you tap ‘download’? Just take a moment, and see if an app is the official version. Scan the official app store for potential alternatives, read the reviews, and don’t download until you’re absolutely sure it’s legitimate. Having your own, strict vetting process will keep you from downloading malicious apps to begin with.
  2. Be careful what information you give. When installing an app, your mobile device may need to grant it certain permissions. And as you use the app, further steps may prompt additional permissions requests, or even Facebook account authorization. Don’t grant any permissions that seem unnecessary, and think twice before opening the gates to your personal data through other apps and services on your device. Remember: you can also check existing apps’ permissions in your phone’s settings, to monitor the level of information you’re providing to different services.
  3. See something suspicious? Act on it. If you spot a peculiar detail or flaw, that should raise some red flags. For example, the Boston Globe reported that a New Balance imitator had a page saying “our angents are available over the hone Monday-Firday.” Hardly any legitimate company would make such flagrant spelling mistakes. Take these seriously, and report suspicious apps when you see them.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.


Introducing McAfee+

Identity theft protection and privacy for your digital life

FacebookLinkedInTwitterEmailCopy Link

Stay Updated

Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.


More from Mobile Security

Back to top