CSC warns against downloading and using fake applications

As part of the weekly awareness campaign of the "Cyber Pulse" initiative launched by the Cyber Security Council (CSC), the Council warned in its weekly message against fake applications and the risks associated with downloading them onto users’ devices. Emphasizing that such applications may serve as gateways to data and information theft, fraud, or cyber extortion. The "Cyber Pulse" campaign stressed in its weekly awareness message that avoiding the download and use of such applications helps individuals minimize risks, limit fraudsters’ access to user data, and safeguard personal information. 

CSC affirmed that fake applications have emerged as one of the most dangerous tools of cyber fraud, threatening both individuals and institutions alike. The Council noted that the danger of these applications extends beyond mere data theft; they also lure victims and subsequently blackmail them after obtaining sensitive information, images, or financial data, exploiting the trust of users who download these applications without sufficient verification. 

In its weekly Message, the Council highlighted that fake applications have become more sophisticated than ever. Fraudsters meticulously replicate the interfaces of legitimate applications, using names and logos that closely resemble authentic ones. Estimates indicate that more than 85% of fake applications impersonate well-known apps, making detection a genuine challenge even for experienced users. The threat goes beyond visual imitation, as fraudsters increasingly combine these fake applications with deep fake technologies to deceive users through fabricated videos or audio recordings that convey false credibility. 

The awareness campaign further stated that approximately 73% of institutions in 2025 exposed to some form of cyber fraud through fake applications and other malicious digital tools, reflecting the scale of the phenomenon and its direct impact on the digital economy. In a single year alone, more than 200 fake applications identified, collectively downloaded over 40 million times via the Google Play Store, an alarming figure that underscores the speed and breadth with which such applications can reach millions of devices worldwide before detected and removed. 

CSC explained that distinguishing between a legitimate and a fake application is possible through a set of measures often overlooked by users. The first element to verify is the developer’s name; authentic applications typically issued by well-known companies or verified developers, whereas fake applications often display unfamiliar developer names or names that closely mimic the original with slight variations. The logo also serves as an important indicator: while it may appear identical at first glance, closer inspection often reveals subtle differences in color, resolution, or design. 

The Council further emphasized that reviews and ratings constitute another critical detection tool. Fake applications frequently feature exaggerated ratings or repetitive comments with similar wording, or conversely, numerous complaints regarding malfunctions and unjustified permission requests. Requested permissions themselves represent a serious red flag; it is illogical for a simple application to request access to photos, the camera, location, or contacts without a clear and legitimate reason. The update history also reflects the professionalism of the developer: genuine applications receive regular updates to address vulnerabilities and enhance performance, whereas fake applications typically lack a consistent update record or display a very recent launch date with no prior history. 

The Council warned that the gravest risk lies in the fact that some fake applications do not stop at stealing data, but instead use the stolen information to financially extort victims or threaten to publish private content. In this context, the weekly awareness campaign of the Cyber Pulse initiative underscored the importance of adhering to several decisive steps. Foremost among them is refraining from paying any sums of money under any circumstances, as payment does not guarantee that the extortion will encourage FOR further demands. Victims are also advised not to send any additional information, images, or documents, as doing so provides fraudsters with further leverage. 

The Cyber Pulse awareness campaign launched by the Cyber Security Council and now in its second consecutive year across social media platforms, forms part of the United Arab Emirates’ ongoing efforts to build a secure cyberspace that protects users from escalating digital risks and keeps pace with rapid technological advancements. This aligns with a comprehensive national vision aimed at strengthening trust in the country’s digital ecosystem, promoting a culture of cyber security, raising digital awareness among families and individuals, and reinforcing cyber security practices to ensure the safety and privacy of citizens and residents in an era of accelerated digital transformation.