Don’t fall for fake holiday apps

SEATTLE -- Online shopping is more popular than ever,  and now more people are moving from their PC to their smartphone. But do you know how to spot a good app from a bad app?

Some things follow the same rules as shopping from your PC or your laptop. Make sure a website is secure. The URL, or web address, will begin with “https://” before the site’s name. It might be difficult to see that from your phone, however there should also be a green lock icon as well.

But apps are a different animal and there are specific things you should look for to keep from getting ripped off. First, use a legitimate app from a legitimate company.

“The bad guys are starting to realize, it’s actually kind of easy to spoof an app to look like it’s for a legitimate company,” said Marc Laliberte, Information Threat Security Analyst at WatchGuard Technologies.

Laliberte says before you download an app, check the number of downloads and when reviews were posted.

Legitimate companies will have millions of downloads. Even smaller companies will have a large number of downloads. If you see one with just a couple of thousand, Laliberte says that should be a red flag.

He says to also check the developer’s name, including the spelling. “A lot of times, bad guys will intentionally misspell the name of the company to get past censors.”

And it’s not just spelling that’s a problem. Put all those grammar rules you learned in school to use.

“Check the menu icons. Make sure there’s proper grammar with the different links inside and descriptions of things. Grammar can really give away a lot of the bad guys hiding places,” said Laliberte.

He says most bad apps come from outside the United States and from non-English speaking companies. English is a difficult language, especially to non-native speakers, so this is a particularly telling giveaway.

Apple’s App Store and the Google Play store are pretty good about keeping out the bad actors. Laliberte says Apple’s ecosystem is really safe because they have a very demanding vetting process in place. Google has been playing catchup but is making good strides to keep apps secure. Both companies are now using active malware scanners to find any problems.

But as much as they do, there’s still much we can do to safeguard our credit card information as well as our personal information.

“As consumers, we need to be more mindful about the kinds of information we’re giving about ourselves, said Laliberte. “And really question, ‘Does this company really need to know my gender or my age or my street address if I’m not expecting them to ship something to me.”

He believes much of this comes down to people being trusting. “If we see an app on the App Store for a company, we’re going to trust it’s probably that company until we spot something that’s a red flag. With a lot of these companies, we tend to trust them, that they’re not going to take our information and do something awful with it.”

So in the end, as we get into the height of the holiday buying season, the safety and protection of your information come down to the old Russian proverb made famous by former president Ronald Reagan: “Trust, but verify.”