What is a fake app? How to identify and prevent fake apps?

Content points

• Fake apps refer to those apps that criminals use various means to repackage genuine apps and pass them off as real apps.

• Scammers often try to hide malware in fake app listings listed on third-party or official app stores.

• Users must download the official Binance App from official channels, such as the Binance website, Google Play Store or Apple App Store.

Fake apps are one of the major risks that threaten the security of user assets.

From the logo to the description, the fake app looks exactly like the real thing. On the surface, they have the same interface, services and functions as the genuine App. Some fake apps even repackage the source code of official apps.

However, if you look closely, you will find that malware is secretly spying on your phone activity or trying to steal your personal information and assets. Scammers will spread fake apps through a variety of means, including third-party or fake app stores, some official app stores, and even social engineering attacks through emails or text messages.

Next, let’s discuss two methods of fake App disguise commonly used by fraudsters: counterfeiting and source code repackaging.

Example 1: Counterfeiting

As the name suggests, counterfeiting refers to the practice of pretending to be official programs with similar names, logos, and functions to deceive users. In the following example, the counterfeit app attempts to impersonate the official BNB Chain App.

Disclaimer: The content of this image depicts a fraudulent app that is not affiliated with Binance in any way.

Example 2: Source code repackaging

The second method, the disguise method of source code repackaging, is difficult to identify at a glance. This type of fake app modifies and repackages the source code and uses the same metadata as the official app, including the same name and icon. In the following example, this is no longer the official Binance App, but the Binance App that has been repackaged with source code. You will find that it looks the same as the official Binance App on the surface.

Disclaimer: The content of this image depicts a fraudulent app that is not affiliated with Binance in any way.

Different types of fake apps and their harm

1. Advertising robots: Fake apps sometimes contain a lot of annoying spam ads, which may even appear in your phone calendar or other places.

2. Bill fraud: Scammers will use fake apps without your consent and automatically charge your mobile phone bill.

3. Botnets: Cybercriminals will use your phone as part of a DDoS (distributed denial of service) attack to mint crypto assets or spam other potential targets.

4. Malicious content: Fake apps will contain inappropriate content, such as hate speech, pornographic information, or violent information, etc.

5. Malicious downloads: Although they may not necessarily contain malicious code, fake apps can cause users to download other malicious or unwanted software to their devices.

6. Phishing: Criminals will use fake app login interfaces to steal your login information.

7. Privilege escalation: These fake apps ask for privilege escalation, allowing criminals to disable core security features of your device.

8. Ransomware: This type of fake app will infect your device with ransomware, making it impossible for you to access your data, and at the same time encrypt your data so that it cannot be read.

9. Compromised apps: Compromised apps may contain code that disables your device’s built-in security features and performs actions harmful to your device.

10. Spamware: As the name suggests, this type of spam app will send spam messages to your contacts or spam your device in large quantities.

11. Spyware: Spyware apps send personal data to third parties without your consent. Personal data may include text messages, call records, address books, email records, photos, browsing history, GPS location, encrypted asset addresses, and mnemonic phrases of other apps on your device.

12. Trojans: Once installed, Trojans may appear harmless on the surface—but behind the scenes, they can secretly carry out malicious actions, such as harvesting personal data or sending advanced text messages through your device without your knowledge.

Fake apps in the crypto asset space often replace the addresses displayed on their deposit and withdrawal interfaces. When users initiate transfers, their assets end up in the scammer's account. This is one of the most common ways cryptocurrency users lose their assets to fake apps.

As a general guideline, we recommend depositing or withdrawing a small amount of money as a test trial before preparing to trade.

How users can detect and prevent fake apps

Before downloading the app, please be aware of the following red flags:

1. Deformed icon: Fake apps will try their best to imitate the version of the app listed on the official app store. Don’t be fooled by the distorted icons.

2. Unnecessary license agreement: Before downloading an app, please read the developer’s privacy policy. Once downloaded, fake apps often ask for unnecessary authorization.

3. Suspicious user reviews: Be wary of any app with too many negative or positive user reviews.

4. Grammatical errors: Genuine app developers will check carefully to avoid spelling errors or wrong app descriptions, but criminals who package fake apps will not. If there are many obvious grammatical errors in the App description, please be wary.

5. Few downloads: The number of downloads of widely used genuine apps is usually very large, while the number of downloads of fake apps is very small. For example, the official Binance App has been downloaded more than 50 million times in the Google Play app store alone.

6. Fake developer information: Before downloading, you need to check the App developer information. Has a legitimate company, email address or website been provided? If so, conduct a web search to verify that the information provided relates to an official agency.

7. Newer release date: When was the app released? If the release date is new and the number of downloads and user reviews are relatively high, the App is likely to be a fake App. Genuine apps with high user reviews and downloads have usually been on the market for at least several years.

Before downloading any App, please be sure to follow the above guidelines. Carefully read the app description, user reviews, and the developer's privacy policy. Most importantly, don't click on any suspicious links. Even some official app stores have fake apps listed from time to time.

If you receive spam messages, strange notifications, or unusual requests from people pretending to be “Binance employees,” please proceed with caution.

If you download a fake app or click on a suspicious link, your phone, assets or personal information may be compromised without your knowledge.

If you suspect that you have downloaded a fake app, please delete it immediately, restart your phone and report it to the relevant app store. While it's not guaranteed to be 100% secure, enabling two-factor authentication (2FA) can maximize the security of your funds, even if someone else manages to steal your login information.

Please download Binance App from the following official channels

1. Binance official website

2. Google Play App Store

3. Apple App Store

Above, if you are unable to download Binance App through the above channels, please contact download@binance.com to obtain the download link of the genuine Binance App.

Please note that before downloading and installing any App that looks like "Binance", it is your responsibility to conduct your own due diligence and follow general security measures to ensure it is legal.

Binance is not responsible for any losses that may result from the use of fake or illegal Apps.

Further reading

• (Blog) Today’s topic: Anti-phishing codes and how to protect yourself

• (Binance Academy) 7 Easy Steps to Secure Your Binance Account

• (FAQ) Beware of online/phone scams impersonating Binance officials

Risk Disclaimer: This content is provided to you on an "as is" basis for general information and educational purposes only, without any representation or warranty of any kind. This article should not be considered financial advice and is not intended to recommend the purchase of any specific product or service. Digital asset prices may fluctuate. Past performance is not a reliable indicator of future performance. The value of your investment can fall as well as rise and you may not get back the amount invested. You are solely responsible for the investment decisions you make. Binance is not responsible for any trading losses you may suffer. To learn more, please see our Terms of Use and Risk Warning.