Most app-security advice is about protecting your own app, but there is a threat that comes from the other direction: someone publishing a fake app that impersonates yours. A clone with your name, icon, and branding can trick your users into downloading malware or handing over their credentials, and it damages your brand even though your real app is untouched. This is impersonation, distinct from being flagged as a copycat yourself, and as the brand owner you have ways to respond. Here is what fake apps are, how they harm you and your users, and what to do about impersonators.
Short answer
Fake apps, or app impersonation, are apps that copy your name, icon, or branding to trick users into downloading them, often to steal credentials, distribute malware, or run scams. Per Apple's design guidelines and Google Play's impersonation policy, the stores prohibit impersonation and copycats and act on reports. As the brand owner, your response is to monitor the stores for impersonators, report them through the platforms' impersonation or intellectual-property complaint channels, protect your brand with trademarks, and direct users to your official listing. This is different from your own app being flagged as a copycat; here someone is impersonating you, and the tools are detection, reporting, and brand protection rather than changes to your app.
What you should know
- Impersonation copies your brand: a fake app uses your name, icon, or look.
- It targets your users: to steal credentials, spread malware, or scam.
- It harms your brand: even though your real app is unaffected.
- The stores prohibit it: and act on impersonation and IP reports.
- You respond with detection and reporting: plus trademarks and user guidance.
What is app impersonation, and how is it different from being a copycat?
Impersonation is someone else pretending to be your app; being a copycat is your app being too similar to someone else's. The distinction matters because the response differs. When you are flagged as a copycat under the App Store's design rules, the fix is to make your own app distinct. When someone impersonates you, the problem is an external bad actor publishing a fake version of your app, and the fix is to get that fake app removed and protect your users from it. A fake app typically mimics your name, icon, and branding closely enough that users searching for your app might download the impostor, and its goal is usually malicious: harvesting logins, delivering malware, or running a scam under your trusted name. Your real app is not compromised, but your brand and your users are the targets.
How do fake apps harm you and your users?
By exploiting the trust in your brand. The table lists the harms.
| Harm | Who it affects |
|---|---|
| Credential theft | Users who enter logins into the fake app |
| Malware distribution | Users who install the impostor |
| Scams and fraud | Users tricked under your trusted name |
| Brand and reputation damage | You, as users blame your brand |
| Diverted users and revenue | You, as installs go to the fake |
The core mechanism is that users trust your brand, and the fake app borrows that trust. A user who downloads an impostor believing it is yours may enter their credentials, which the attacker harvests, or install malware, and when something goes wrong they associate it with your brand, not the impersonator. So even though your real app is secure, an impersonator can cause real harm to your users and your reputation, which is why detection and removal matter to you as the brand owner.
What do you do about impersonators?
Monitor, report, and protect your brand. Watch the app stores for apps using your name, icon, or branding, since impersonators appear over time and search results can surface them. When you find one, report it through the platform's channels: the stores prohibit impersonation and copycats and provide ways to report a problem and to file intellectual-property complaints, which is the route to getting a fake app removed. Strengthen your position with trademarks, since a registered trademark supports an IP complaint and your claim to the name and branding. Help users find the real app by promoting your official listing and your verified developer name, so they can confirm they have the genuine app, and consider noting your official source on your website. The response is external, detection, reporting, and brand protection, rather than a change to your app, since the fake is not under your control.
What to watch out for
The first trap is conflating impersonation with being a copycat; here the problem is someone faking your app, and the tools are reporting and brand protection. The second is not monitoring the stores, so an impersonator harvests your users for a long time before you notice. The third is having no trademark to support an IP complaint. This threat is about others abusing your brand rather than your app's code, so it sits apart from a pre-submission scan such as PTKD.com (https://ptkd.com), which reads your binary against OWASP MASVS to secure your own app; protecting your real app's integrity and directing users to it complements fighting impersonation. The detection and reporting you handle through the stores.
What to take away
- Fake apps impersonate your name, icon, or branding to trick your users, usually to steal credentials, spread malware, or scam, harming your brand even though your real app is untouched.
- This is different from your own app being flagged as a copycat; here an external actor is impersonating you.
- Monitor the stores for impersonators, report them through the impersonation and intellectual-property channels, protect your brand with trademarks, and direct users to your official listing.
- This is about others abusing your brand rather than your app's code, so handle it through detection and reporting while keeping your real app secure, which a pre-submission scan such as PTKD.com helps with.

