How to Check if an App is Safe to Download

Google removed over 2.3 million apps from the Play Store in 2025 for policy violations. Apple rejected 1.7 million submissions. Yet malicious apps still slip through — in January 2026, researchers identified 13 Play Store apps containing banking trojans downloaded over 300,000 times combined.

Rule 1: Only Download From Official Stores

Google Play Store or Apple App Store exclusively. Third-party stores and direct APK downloads bypass all security review.

Rule 2: Check the Developer

Tap the developer name. Look for: multiple well-reviewed apps, a legitimate website, proper contact info, and a name matching the app brand. "Chase Mobile Banking" not published by "JPMorgan Chase" is fake.

Rule 3: Read the Permissions

A flashlight app should not need contacts, microphone, or SMS access. Banking trojans request SMS to intercept 2FA codes. Almost no consumer app should request device admin privileges.

Rule 4: Analyze the Reviews

Sort by "Most Recent." Generic 5-star reviews are easily faked. Detailed 1-star reviews mentioning charges, battery drain, or strange behavior are serious warnings. All-5-star with generic praise = likely review-farmed.

Rule 5: Check Download Count and Age

47 downloads is riskier than 4.7 million. An app available for years with consistent updates is more trustworthy than one published last week.

Rule 6: Run a Security Scan

• Android: Google Play Protect — open Play Store > Profile > Play Protect
• Third-party: Malwarebytes, Lookout, Bitdefender mobile

Types of Malicious Apps

• Fleeceware: Exorbitant subscriptions after "free trials" ($260/year for a QR scanner)
• Adware: Aggressive ads including full-screen ads outside the app
• Banking Trojans: Overlay fake login screens on real banking apps
• Spyware: Record location, calls, messages, keystrokes

IsThisAScam's 6-layer detection evaluates app-related links and download pages. See best anti-scam apps for iPhone and Android.