Not all crypto apps in App stores are safe

[Bitcoin_Arena]

Most of us trust app stores such as google playstore while knowing that all the apps in there are verified, safe and don't have any malicious intent on our private information and funds but this is not always true.
These app stores are a sea of good and bad apps. Therefore extra steps must be taken to safeguard your funds and other sensitive information.

Time and time again I have seen articles like this Ethereum Scam App Appears on Google Play Store, Malware Researcher Reports and I just thought may I would try to alert some users here about it and how you may avoid being a victim

Am gonna look at majorly Wallets and Exchange apps. Of course, this can stretch out to other apps like trade signal apps, price alerting apps but they are not as damaging as the first two.


A. FAKE WALLET APPS

These are created with the intent to;
1. Lure you into importing your address in them thereby giving the hacker behind the wallet your private key or mnemonic phrases. The hacker later uses your private key to access your account and withdraw all the cryptos in it

2. Generate for you a public and private key which the hacker already knows, as soon as you send your digital assets into your new wallet, the hacker just withdraws it since he has access to the private key

A classic example of such fake crypto wallets is this:

 

B. FAKE EXCHANGE APPS

This is common especially with exchanges that are re-known in crypto trading but have no official app. Exchanges like Bittrex, Coinexchange,
Kraken, HitBTC etc
Time and time again, fake apps keep popping up in google playstore. However, on my recent check, I found out that most of them had been removed from the app store
These are created with an intent to phish your login details so that they can easily access your trading account and steal whatever asset you have kept in your exchange wallet.


How to avoid being a victim

1. Get Download links only from Official websites.
Always try as much as possible to download Exchange and Wallet apps from official site links to avoid landing on fake apps in playstore. For example, once you visit the official NEO website, you will be able to see Official and authentic wallets under the client tab; https://neo.org/client
For bitcoin's case, you can easily get your favorite wallet through the "Choose your wallet" tab which can easily be seen on the Official bitcoin Website; https://bitcoin.org/

How to get official project/coin website links?
coinmarketcap is your friend here.



2. Look at the number of downloads
If the downloads are so few, do not download. Authentic apps usually have so many downloads, at least 1000+

3. Look at the reviews
i.   So many reviews mean the app is being used by so many real users, fewer reviews could mean fake reviews.
ii.  Only positive reviews throughout is a red flag, someone is trying to make their app look good to use.
iii. Burst reviews(so many reviews at only a certain period of time) can also mean fake reviews

4. Enable 2 Factor Verifications for all your exchange accounts and emails
This will make it hard for the hacker to get into your exchange accounts and emails.

Be safe with your cryptos folks.

[mudyak99]

Ya, that's right bro many app in appstore is not trusted. Safe way to check it, you can download in their website. I always download any app wallet on their website, because its will redirect to their app. Sorry for my bad english   

[hugeblack]

Prevention is better than cure, do not download any application unless you need it.

 - Check the link multiple times: Clicking or unverifying links makes you download harmful apps.
 - Check out what's paste: Any URL you copy can be changed to malicious addresses.

There are lots of tips but knowing them will save you from losses.

[mk4]

Ya, that's right bro many app in appstore is not trusted. Safe way to check it, you can download in their website. I always download any app wallet on their website, because its will redirect to their app. Sorry for my bad english  

Downloading an app on their official website doesn't automatically mean that the app is safe. You could download the app from it's own website but could end up being a fraud app to start with. So what do you do? Do research on the app that you're planning on using, and take a look at the top alternatives instead. I really don't suggest risking using the newer apps unless it's open source and you can audit the code yourself. A perfect example here would be FreeWallet; they control your private keys, and I've heard a lot of complaints everywhere of people having their funds locked.

[Adriano2010]

Yes not all apps are free of viruses, and is recommend to use the most used apps that have not any problem or scam accusation and if want store large amounts better invest in hardware wallet, i think is the safest way to secure your money and not cost a lot. Better stay safe than losing all earned money.

[Freewallet]

Ya, that's right bro many app in appstore is not trusted. Safe way to check it, you can download in their website. I always download any app wallet on their website, because its will redirect to their app. Sorry for my bad english  

A perfect example here would be FreeWallet; they control your private keys, and I've heard a lot of complaints everywhere of people having their funds locked.

Freewallet uses an account verification procedure to prevent hacking attempts and money laundering. We have an excellent track record of blocking accounts used for illicit activities and we will keep improving our security algorithm.

If you have not been suspected in any illegal activity, you are more than welcome to use Freewallet.

[Freewallet]

Yes not all apps are free of viruses, and is recommend to use the most used apps that have not any problem or scam accusation and if want store large amounts better invest in hardware wallet, i think is the safest way to secure your money and not cost a lot. Better stay safe than losing all earned money.

Freewallet counts 3million users + across its platforms. Right now, I wouldn't even know a wallet with such a great database without both positive and negative feedback. Providing such an extensive service exposes us to competition but we are happy to take it on and provide the best service in the market. 

[logfiles]

Ya, that's right bro many app in appstore is not trusted. Safe way to check it, you can download in their website. I always download any app wallet on their website, because its will redirect to their app. Sorry for my bad english  

I think what OP was trying to mean is that always try to download wallets apps or get download links from the coin's official websites like for bitcoin, you can get download links from The bitcoin project's official site: https://bitcoin.org
If it is an Ethereum wallet you want to download, you can get the download link from the Ethereum project's official site: https://www.ethereum.org

Same thing for Exchange apps, If it's a binance app, get the download links directly from the official website which is https://www.binance.com/clientDownloads.
This way you avoid landing on fake apps.
I hope you now understand

[Coyster]

It's always necessary to go through customer reviews before downloading an app to see if previous customers have had issues with such applications or if there are numerous scams accusations,that way such Info gets you to stay away from downloading through that source.

[kingpin4321]

Yes for sure infact not everything on the internet is safe but I would say our best option would be play store or apple store.

But it's best to get app from the original source but they might direct you to stores so that you can be able to get them

[Gargo]

If we're talking about Android apps, then we can say, that probably none app is safe. Android has so many gaps in the system that every good hacker will have no problem getting into your mobile wallet.

[LTU_btc]

Good topic, OP. This is a serious problem nowadays. There are lot fake wallets in Google Play store. The problem that is very easy to upload app to Google Play - you only have to pay $25 sign up fee. These apps don't even have to checked by Google staff. iOS is better at this aspect because it's more difficult to upload apps to their store.
But it's not that difficult to spot fake wallet. Usually original wallet are shown at the top of search results. Original wallets usually have large number of downloads and many reviews, while one of indicators of fake wallet is small number of doenloads and reviews.

Freewallet uses an account verification procedure to prevent hacking attempts and money laundering. We have an excellent track record of blocking accounts used for illicit activities and we will keep improving our security algorithm.

If you have not been suspected in any illegal activity, you are more than welcome to use Freewallet.

Centralized wallet which can seize users money if they find something what they don't like - this is what we really need. IMO, such wallets aren't much better than these fake wallets mentioned in this topic.

If we're talking about Android apps, then we can say, that probably none app is safe. Android has so many gaps in the system that every good hacker will have no problem getting into your mobile wallet.

Tell us more about what exactly you're talking. Or it's just whataboutism from Apple fan?

[mk4]

Yes not all apps are free of viruses, and is recommend to use the most used apps that have not any problem or scam accusation and if want store large amounts better invest in hardware wallet, i think is the safest way to secure your money and not cost a lot. Better stay safe than losing all earned money.

Freewallet counts 3million users + across its platforms. Right now, I wouldn't even know a wallet with such a great database without both positive and negative feedback. Providing such an extensive service exposes us to competition but we are happy to take it on and provide the best service in the market. 

Hi. I'm not talking about security here. I'm mostly talking about account access or access to funds. FreeWallet doesn't provide their users their wallet's private keys, which is a huge drawback and defeats the purpose of "being your own bank" with bitcoin, or cryptocurrencies in general.

[Freewallet]

Hello,

Thank you for your opinion. We believe it is a matter of personal choice which kind of wallet to use.
We've been providing our service to millions of users throughout the world quite for long. Had we short-term and "dark" goals, we'd leave this market a long time ago.
BTW, our apps are qualified for the Apple Store, too, with a so far good rating.
Every active service is receiveing hundreds of complaints a week and can be often referred to as a "scam" one.
We are always ready to face each individual complaint and resolve it.

[mk4]

Hello,

Thank you for your opinion. We believe it is a matter of personal choice which kind of wallet to use.
We've been providing our service to millions of users throughout the world quite for long. Had we short-term and "dark" goals, we'd leave this market a long time ago.
BTW, our apps are qualified for the Apple Store, too, with a so far good rating.
Every active service is receiveing hundreds of complaints a week and can be often referred to as a "scam" one.
We are always ready to face each individual complaint and resolve it.

Hi. First off, I'm definitely not saying that you're a scam or something, as I haven't tried using your service.

With that said, I'm pretty sure even your service is receiving a good amount of complaints due to accounts getting locked for whatever reasons(due to the complaints I've read in the past on Reddit r/bitcoin and r/cryptocurrency), not only other wallets. Not sure right now though, as I barely visit Reddit these days.

[molecularman]

It's a good idea to bring this up.

It is really easy to get lulled into a false sense of security.  Hey, it is on the official app store,  must be safe, right??         I don't use mobile wallets, but if you do - just go straight to the source,  make it a secondary wallet and only put the crypto you intend to use for that day on it.       That's the only way to minimize your risk.

[Freewallet]

Hello,

Thank you for your opinion. We believe it is a matter of personal choice which kind of wallet to use.
We've been providing our service to millions of users throughout the world quite for long. Had we short-term and "dark" goals, we'd leave this market a long time ago.
BTW, our apps are qualified for the Apple Store, too, with a so far good rating.
Every active service is receiveing hundreds of complaints a week and can be often referred to as a "scam" one.
We are always ready to face each individual complaint and resolve it.

Hi. First off, I'm definitely not saying that you're a scam or something, as I haven't tried using your service.

With that said, I'm pretty sure even your service is receiving a good amount of complaints due to accounts getting locked for whatever reasons(due to the complaints I've read in the past on Reddit r/bitcoin and r/cryptocurrency), not only other wallets. Not sure right now though, as I barely visit Reddit these days.

I'm afraid only we can know if the person spamming on BitcoinTalk, Reddit and other social media has been suspected and found in illegal activity and hacking attempts. Attracting attention is also technique hackers, black PR employees, etc use to spam other services. For example, there is an account on Reddit who's posted about 20 posts attracting attention to his 'account block' but after people saw that his story was different every time, he lost credibility. This is just one of the cases.

What makes Freewallet and our support team different is that we strive to find every user complaint or report and follow up on it.
In conclusion, big titles are big on attracting attention but only in comments you will see a resolution.

[DdmrDdmr]

I came across a post on a personal website (see Fake cryptocurrency wallets found on Play Store), where the author, a malware researcher that works for ESET, writes about how he found recently four Apps on Google Play Store that were fake, and impersonating existing cryptocurrency wallets for Neo, Tether and Metamask.

The author claims that these apps often act as phishing apps or fake wallets where you do not really have the private keys at all. What surprised me most, is that apparently, these apps were created using a drag & drop builder, that required close to zero programming knowledge …

[Thirdspace]

1. Always try as much as possible to download Exchange and Wallet apps from official site links to avoid landing on fake apps in playstore.

this one act will save you countless time from downloading rogue apps
and make sure the official site is also a legitimate well known business that has been around for awhile
an official site without good business track record could still pose a threat and have hidden agenda in its app

[cizatext]

Your analysis are very correct not all apps in appstore are secured in fact the regular cases of hacking into wallets always come from apps from google playstore each time you download any application from the app store your give access to hackers to have access to your personal files and private keys. I lost my coin on an exchange like that.