For fear mongers, this is probably the first and last place to be when it comes to detecting malware on your Android device. AV-testgo.org is an independent antivirus testing lab that does one thing, review and text Android anti-malware apps for effectiveness. Nice place, but does it work for Scam ware? Sorry, I am afraid not.
Scamware Doesn’t quite Count as Malware
One of the problems with a listed apps directory is that Scamware doesn’t quite get detected in the first place.
We all remember the scam camera apps from iOS. These blokes passed off the same app with different names and promised you the sky. People who paid for it found it to be sub par in quality and your only way to get your money back was within 15 min of downloading the app. So if you were one of those who downloaded the app, and didn’t check on it fast enough, you would have lost your money.
Google Android has the same problem, it can’t weed out the Scam Apps fast enough. But there is room to maneuver if you made a direct request to Google Playstore.
There is a developer policy which has to be understood by all. And this is very simple.
Section 3.4 of the Android Developer Distribution agreement authorizes Google to provide returns of apps that cannot be previewed for up to 48 hours after purchase:
3.4 Special Refund Requirements. The Payment Processor’s standard terms and conditions regarding refunds will apply except the following terms apply to your distribution of Products on the Market.
Products that can be previewed by the buyer (such as ringtones and wallpapers): No refund is required or allowed.
Products that cannot be previewed by the buyer (such as applications): You authorize Google to give the buyer a full refund of the Product price if the buyer requests the refund within 48 hours after purchase.
Why Aren’t they Stopping the Scams?
This is the most difficult part. They can’t. Malware is easier to deal with, they infect your handset with a virus or get it to send expensive SMS to a foreign country. This sort of double-dealing is all in the code. Scam apps don’t rely on code or APIs to cheat you. They win your confidence over like a trickster.
Apple iOS has a built in set of APIs which you cannot change. You are not allowed to develop an app using your own API routines but even this is no promise of safety as Scam apps basically pretend to be something they are not. There is nothing in the code that yells “CHEATER” in the app. Android is more lax, there isn’t such restrictions so any badly made app can be labeled a scam app if it doesn’t work on your device. What’s more, Google was late to the party when it came to parsing code for malware whereas Apple has locked down the APIs as far back as five years ago.
Difference between Scamware and Malware
Malware comes in a few guises, some steal passwords while others will run background apps in secret to mine Bitcoin without you ever knowing it. Finding them isn’t easy unless you have a Malware or virus scanner. Scam ware is even harder to detect. You can only bring such apps to the attention of Google or Apple and ask for action. From a legal standpoint, when an App does not work as advertised on your device, it cannot be automatically assumed to be scamware.
The problem is further compounded by the absolutely giant market place on the App and Play store. Badly designed app isn’t a crime and if that app suddenly tells you that it can grant you wishes at any Vegas slot, well who are you to disagree? You are already assuming that Apple has protected your interest so it must be true that this app will work.
Google has made it clear that the Playstore is an anything goes place, and they have taken some steps to stop the malware apps but not the Scam ware.
Scams are omnipresent all over the world, there is even an App that tells you about the other worldly scams but not the apps that scam you.
The only solution is to have an app depositary that blacklist the very people who sell such apps online. Don’t count on Apple or Google to do this for you. It’s not their beef.
Scam apps are made by snake oil salesmen, they want you dollar and the only way to get it back is to ask for a refund after the first 15 minutes of downloading the app from the Apple Appstore. Apple will not entertain any refunds thereafter unless the purchase was made by a kid. If you were an adult, I think you will have to convince them that you had a child even when you don’t have one to get your money back.
There is still hope for Google if you found out that you have been scammed. Just tell them the app don’t work and doesn’t launch, and you will have your money back as long as it is reported within 48 hours of purchase.
Beware of the in-App purchases
There are loads of in-app purchases that can be classified as scam ware. They don’t offer you anything that works beyond the freebie you just downloaded. I know it sucks but that’s how the way it is. There is no 15 min grace for testing the in-app purchase. So once you hit the buy button, you’re shanghai-ed into another world.
Reading reviews on the app doesn’t always help to validate what it does. These reviews can be manufactured and all you have to do to get a gig going with them is to rate an app advertised on numerous freelancer sites around the world that are looking for mobile app reviewers. These freelancers get paid to list such reviews and upon doing so, misleads the whole world into a scam trap.
I have Kingsoft’s mobile security install and running all the time on Android. I would recommend you to do the same if you happen to like downloading lots of apps to play with. It is by no means the most secure net, though it is highly rated, since there is no way to protect yourself from scams in the first place.
Your best bet is to read reviews on trusted mobile app review sites to get an idea if this does what it claims to do before buying them online.