A great running gag in the American comedy classic “Coming to America” is McDowell’s, a fast-food restaurant in Queens, NY, that’s an obvious rip-off of McDonalds, complete with golden arches (“Golden Arcs,” owner Cleo McDowell would correct you). Instead of the Big Mac, McDowell’s offers the exact same as the Big Mick… Except no sesame seeds on the bun.
In digital media, running into spoofed websites, apps, and app stores is an unfortunately common occurrence, and definitely not humorous in the least bit for security, marketplace quality, and ad ops professionals.
Which is why The Media Trust has been particularly alarmed by the rise in advertising clicking through to third-party app stores that spoof the environments of major digital marketplaces like Apple’s App Store and Google Play. We’ve created a new Threat Type called Fake App Store — this new type will enable clients to action this specific issue while keeping it separate from other threats.
Threat or Not?
While not all third-party app stores mimicking known marketplaces are necessarily malicious, they should be approached with caution as they are clearly trying to mislead consumers. Spoofed domains have long been used for phishing attacks and the distribution of backdoors that can deliver credential scrapers, ransomware, and more.
But the app space can be different — apps could choose a third-party app store rather than (or even in addition to) Apple’s App Store or Google Play. First off, they may be trying to avoid Apple and Google’s large revenue commissions, or trying to get around these marketplace’s strict rules around content, pricing, payment systems, gambling, and more. Third-party app stores also make more sense in certain geos (e.g., China) and allow more freedom in terms of updates and offerings.
Still, it’s concerning when an app store tries to make itself look like a well-known marketplace. That speaks to a desire to mislead consumers, which is something that The Media Trust cannot ignore.
Introducing New Threat Type Fake App Store
Here’s the description for our new threat type, Fake App Store, which appears in the TMT UI and reports:
The landing location for this ad leads to a digital marketplace that mimics the aesthetics of well-known, legitimate digital storefronts for purchasing and downloading software applications — e.g., Apple’s App Store or Google Play. Not only is the advertiser trying to mislead consumers about the landing destination, the use of such Fake App Stores also suggests that the advertised app itself may be of questionable quality or even a security risk.
We hope this is a valuable addition to keep consumers safe, maintain a reputation for high-quality, and of course — drive revenue. If you’d like to know more about this threat type as other ways The Media Trust looks out for the safety of consumers and your business, fill out the form below and we’ll get right back to you.
