PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

ISIS Confronts Fake Android Apps

When you don't have a guaranteed, official source to get apps from—like an app store—then you run the risk of dumping malware on your device with a sideloaded .apk.

David Murphy
 & David Murphy Freelancer

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Everyone has an app, it seems. And it should come as little surprise that ISIS, or the Islamic State, also has its own app. Apps, really—and they're all installable on Android devices, which is much easier to deal with for sideloading apps than an iOS device.

According to a report from Motherboard, ISIS has at least six different mobile apps that interested parties can grab and install on their devices. You won't find these on the Google Play store, obviously, but it's not that difficult to pass an .apk around to a community of people through websites, emails, physical media, et cetera.

However, this unofficial distribution process makes it easier for others to host fake versions of apps and pass them around as if they were real. And that's exactly what's happening in the case of ISIS. Warnings are currently being issued that altered versions of these apps are floating around—a valuable means of intelligence for those that want to learn more about ISIS innerworkings, no doubt.

"Recently, a fake copy of al-Bayan broadcast, 'Amaq, and others were circulated. The publishing individual claimed that they are in several languages and it appeared that it aims for breaching, so we advise all supporters of the State of the Caliphate to count on the official channels while uploading these applications and verify the digital fingerprint for the application before starting it," reads one such warning, published to various ISIS social media channels and distributed by those who actually built (and host) some of ISIS' apps.

It's likely that ISIS will keep creating new apps and updating its existing apps regardless, and the threat of hijacked apps will just have to be in the background of supporters' minds when they go to install something new. We wager that not many people are looking at checksums to determine whether the .apk files they're installing are identical to the "real" .apk files that more official sources are putting out. That, unfortunately, is a common issue when there isn't really a centralized location to obtain these kinds of files—or, at least, not one that is guaranteed to remain online 100 percent of the time.

What we don't know is what group (or groups) is specifically trying to hijack ISIS' apps and what they plan to learn from doing so. Or, for that matter, if these attackers have more nefarious plans in mind: Sideloading malware onto supporters' devices instead of just trying to learn more about them (and possibly their account credentials for other services).

About Our Expert

David Murphy

David Murphy

Freelancer

David Murphy got his first real taste of technology journalism when he arrived at PC Magazine as an intern in 2005. A three-month gig turned to six months, six months turned to occasional freelance assignments, and he later rejoined his tech-loving, mostly New York-based friends as one of PCMag.com's news contributors. For more tech tidbits from David Murphy, follow him on Facebook or Twitter (@thedavidmurphy).

Read the latest from David Murphy

Read full bio