App Store

    Fake apps and brand impersonation in app stores

    A 2026 view of a fake app impersonating a real one's name and icon in an app store to harvest user credentials, with the brand owner reporting it for removal

    Most app-security advice is about protecting your own app, but there is a threat that comes from the other direction: someone publishing a fake app that impersonates yours. A clone with your name, icon, and branding can trick your users into downloading malware or handing over their credentials, and it damages your brand even though your real app is untouched. This is impersonation, distinct from being flagged as a copycat yourself, and as the brand owner you have ways to respond. Here is what fake apps are, how they harm you and your users, and what to do about impersonators.

    Short answer

    Fake apps, or app impersonation, are apps that copy your name, icon, or branding to trick users into downloading them, often to steal credentials, distribute malware, or run scams. Per Apple's design guidelines and Google Play's impersonation policy, the stores prohibit impersonation and copycats and act on reports. As the brand owner, your response is to monitor the stores for impersonators, report them through the platforms' impersonation or intellectual-property complaint channels, protect your brand with trademarks, and direct users to your official listing. This is different from your own app being flagged as a copycat; here someone is impersonating you, and the tools are detection, reporting, and brand protection rather than changes to your app.

    What you should know

    • Impersonation copies your brand: a fake app uses your name, icon, or look.
    • It targets your users: to steal credentials, spread malware, or scam.
    • It harms your brand: even though your real app is unaffected.
    • The stores prohibit it: and act on impersonation and IP reports.
    • You respond with detection and reporting: plus trademarks and user guidance.

    What is app impersonation, and how is it different from being a copycat?

    Impersonation is someone else pretending to be your app; being a copycat is your app being too similar to someone else's. The distinction matters because the response differs. When you are flagged as a copycat under the App Store's design rules, the fix is to make your own app distinct. When someone impersonates you, the problem is an external bad actor publishing a fake version of your app, and the fix is to get that fake app removed and protect your users from it. A fake app typically mimics your name, icon, and branding closely enough that users searching for your app might download the impostor, and its goal is usually malicious: harvesting logins, delivering malware, or running a scam under your trusted name. Your real app is not compromised, but your brand and your users are the targets.

    How do fake apps harm you and your users?

    By exploiting the trust in your brand. The table lists the harms.

    HarmWho it affects
    Credential theftUsers who enter logins into the fake app
    Malware distributionUsers who install the impostor
    Scams and fraudUsers tricked under your trusted name
    Brand and reputation damageYou, as users blame your brand
    Diverted users and revenueYou, as installs go to the fake

    The core mechanism is that users trust your brand, and the fake app borrows that trust. A user who downloads an impostor believing it is yours may enter their credentials, which the attacker harvests, or install malware, and when something goes wrong they associate it with your brand, not the impersonator. So even though your real app is secure, an impersonator can cause real harm to your users and your reputation, which is why detection and removal matter to you as the brand owner.

    What do you do about impersonators?

    Monitor, report, and protect your brand. Watch the app stores for apps using your name, icon, or branding, since impersonators appear over time and search results can surface them. When you find one, report it through the platform's channels: the stores prohibit impersonation and copycats and provide ways to report a problem and to file intellectual-property complaints, which is the route to getting a fake app removed. Strengthen your position with trademarks, since a registered trademark supports an IP complaint and your claim to the name and branding. Help users find the real app by promoting your official listing and your verified developer name, so they can confirm they have the genuine app, and consider noting your official source on your website. The response is external, detection, reporting, and brand protection, rather than a change to your app, since the fake is not under your control.

    What to watch out for

    The first trap is conflating impersonation with being a copycat; here the problem is someone faking your app, and the tools are reporting and brand protection. The second is not monitoring the stores, so an impersonator harvests your users for a long time before you notice. The third is having no trademark to support an IP complaint. This threat is about others abusing your brand rather than your app's code, so it sits apart from a pre-submission scan such as PTKD.com (https://ptkd.com), which reads your binary against OWASP MASVS to secure your own app; protecting your real app's integrity and directing users to it complements fighting impersonation. The detection and reporting you handle through the stores.

    What to take away

    • Fake apps impersonate your name, icon, or branding to trick your users, usually to steal credentials, spread malware, or scam, harming your brand even though your real app is untouched.
    • This is different from your own app being flagged as a copycat; here an external actor is impersonating you.
    • Monitor the stores for impersonators, report them through the impersonation and intellectual-property channels, protect your brand with trademarks, and direct users to your official listing.
    • This is about others abusing your brand rather than your app's code, so handle it through detection and reporting while keeping your real app secure, which a pre-submission scan such as PTKD.com helps with.
    • #fake-apps
    • #impersonation
    • #brand-protection
    • #copycat
    • #app-store
    • #trademark
    • #app-security

    Frequently asked questions

    What is app impersonation?
    It is someone publishing a fake app that copies your name, icon, or branding to trick users searching for your app into downloading the impostor, usually to steal credentials, distribute malware, or run a scam under your trusted name. Your real app is not compromised, but your brand and your users are the targets. The app stores prohibit impersonation and copycats and act on reports, so getting the fake removed is the goal.
    How is impersonation different from being a copycat?
    Being a copycat is your own app being flagged as too similar to someone else's, where the fix is to make your app distinct. Impersonation is an external bad actor publishing a fake version of your app, where the fix is to get the fake removed and protect your users. The distinction matters because one is about changing your app and the other is about detection, reporting, and brand protection against someone abusing your brand.
    How do fake apps harm my business?
    By exploiting the trust in your brand. Users who download an impostor believing it is yours may enter credentials the attacker harvests, install malware, or be scammed, and when something goes wrong they associate it with your brand, not the impersonator. So even though your real app is secure, a fake one can cause real harm to your users and your reputation, and divert installs that would have gone to your genuine app.
    What can I do about an app impersonating mine?
    Monitor the stores for apps using your name, icon, or branding, and when you find an impostor, report it through the platform's channels, the stores provide ways to report a problem and file intellectual-property complaints to get fakes removed. Strengthen your position with a registered trademark, which supports an IP complaint, and direct users to your official listing and verified developer name so they can confirm they have the genuine app.
    Does securing my own app stop impersonation?
    Not directly, since impersonation is about someone abusing your brand rather than your app's code, so the response is detection, reporting, and brand protection. But keeping your real app secure and directing users to your official listing complements the fight, since users who reliably find and trust your genuine app are less likely to fall for a fake. A pre-submission scan such as PTKD.com secures your own binary, a separate concern from fighting impersonators.

    Keep reading

    Scan your app in minutes

    Upload an APK, AAB, or IPA. PTKD returns an OWASP-aligned report with copy-paste fixes.

    Try PTKD free