Counterfeit Apps Put Smartphone Shoppers At High Risk For Identity Theft
SAN FRANCISCO (CBS) -- Cyber security experts warn that smartphone shoppers could be at risk because of dangerous and sometimes counterfeit apps.
Nicole Barker likes shopping through her apps but didn't realize they could put her identity at risk.
"It's really scary because you trust those brands when you see them and you just accept or trust that that's who you're dealing with," she said.
A company that creates many of those apps for major retailers found some shopping apps for names like Dillard's, Payless, even Christian Dior and Jimmy Choo, weren't real.
"We found that there was hundreds of fake apps… hundreds," said Chris Mason, CEO of Branding Brand.
"If you take those apps down and you get rid of that provider, you'll find them showing up in a different form with a new name, new credentials and it just keeps happening," he said.
Gary Miliefsky with cyber-security firm Snoopwall says it's all about criminals getting hold of your private information.
"Some of these apps, these counterfeit apps are so good, they give you a complete shopping cart experience," said Miliefsky. "Everything through the congratulations, here's your order number, it's on its way and then you'll never get the goods."
But Miliefsky points to something even more disturbing with super-popular emoji keyboard apps. These keyboards replace the one on your phone, giving you an endless supply of emoticons for every occasion. He says many can also gain access to your contacts, text messages, possibly even passwords.
Google Play says it scans apps "for potentially malicious code as well as spammy developer accounts" and they have a separate tool for Android devices to 'verify apps'.
Apple says they "provide notice on all keyboard apps about the fact that these apps can have access to what you type" except for passwords, which Apple says can only be typed in using the regular keyboard.
If you absolutely have to have those cute emoticons the experts' advice is don't install one that's free. Pick one you pay for preferably from a developer based in the United States.
If requests pop up on your iPhone where the keyboard wants to use the Internet, access your contacts, or locate you through GPS, just say no.
