What are rogue apps?

A ‘rogue app’ is a piece of malicious software (‘malware’) disguised as a mobile web application (popularly known as an ‘app’).

These rogue apps are made available via online app stores, designed especially to encourage smart phone users to download them. For example, they can be disguised as ‘free levels’ to popular and legitimate online games, or even as security tools.

But when you download the app, you also download the malware. Most of the time, you won’t even know that the malware is on your phone as it tends to do its ‘dirty work’ in the back end infrastructure of your phone’s software, hidden from view.

What are the risks?

Being able to access the internet through a smart phone (which includes android, iPhone and Blackberry devices) is now commonplace. These devices are essentially ‘mini laptops’ carrying lots of our personal information. As such, smart phones are now as at much risk from online fraud and other online threats as computers and laptops.

As with any method of accessing the web, protecting our personal data is vital, particularly if your phone falls into the wrong hands. See our advice on Protecting mobile phones.

But fraudsters are also using other methods, such as rogue apps, to trick us into downloading malware which can do a great deal more damage.

Once this malware is on our phones, it allows fraudsters to make calls, send and intercept SMS (text) and voicemail messages, and browse and download online content. This means they have access to any personal and payment data that is on the phone if you know where to look. This data can then be sold onto and used by identity fraudsters, and to ‘spam’ other mobile web users to commit further fraud.

In one scam, fraudsters are using this access to repeatedly send SMS messages to their own premium-rate services. Often the victim is unaware anything is wrong until they see their phone bill. These scams are stealthier than previous premium-rate call scams because they do not ‘tie up’ a victim’s phone line and are able to hide any suspicious activity from the user.

What can I do to avoid rogue apps?

We recommend smart phone users install software security, including anti-virus and anti-malware, on their devices. This is widely available from reputable security software vendors such as

Trend Micro
Symantec
AVG
And others

Currently this is not offered as standard by handset or network providers. We suggest contacting your network provider in the first instance for guidance.

The other things you can do are:

•  Before you download a new app, type the name and developer information into an online search engine  - this will immediately tell you if other users have reported any problems
•  Look out for signs of surreptitious activity on your phone. If your battery suddenly starts draining really quickly, consider that it might be a malware problem
•  Check your phone bill online on a regular basis - more often than once a month, that way you can keep tabs on any unusual activity

What do I do if I think I already have a rogue app on my phone?

The first port of call should be your mobile network provider – tell them about any unusual activity on your phone or in your bill. If it turns out you have been a victim, you should also report it to ActionFraud.

If you think you have been affected by the ‘premium rate SMS’ scam mentioned above, we also recommend contacting PhonepayPlus, the UK’s premium rate phone regulator. They can log complaints about phone-paid services.