Return to protonvpn.com Facebook   Twitter   Reddit   Instagram   Mastodon   ProtonMail

Beware of fake apps pretending to be ProtonVPN

Posted on September 19th, 2019 by in Security.

Learn how to identify and how to delete fake apps.

 

Recently, we have noticed an uptick in the number of fake ProtonVPN apps. Hackers create fake versions of popular applications, like Evernote, Signal, and ProtonVPN, to smuggle malware onto unsuspecting users’ devices. Once they are downloaded, the malware contained in these fake apps can unleash ads all over your device, take control your device’s camera, or even let attackers steal your identity. This article explains how to avoid these fake apps and what you should do if you’ve downloaded one.

How to spot fake apps

You should not download apps from unofficial sources. ProtonVPN apps are only available on the App Store, the Play Store, or on the ProtonVPN website. While there are relatively benign copies of our apps in different corners of the Internet, if you do not download the app from one of these three sources, we cannot assure its quality. To download an official ProtonVPN app, you must get it from our website, the App Store, or the Play Store.

Users still need to remain vigilant in the official app stores as even they are not 100 percent safe. There was a fake WhatsApp application that was downloaded over 1 million times from the Play Store in 2017. That app only spammed its users with advertisements, but it demonstrates the risk that exists. There was also an “Encryption ProtonMail keyboard” available briefly in the Play Store. Make sure you check the name of the app as well as the name of the developers. If either seems suspicious, do not download the app. 

A fake ProtonMail app while it was still available in the Play Store.


Fake apps pose the largest risk to Android users, but macOS and Windows users should also be careful. Only download apps from a trusted source and never download an app directly from a link shared via social media. If you are using an iOS device, you are relatively safe since you can only download apps from the App Store. (If you jailbreak your device, then this warning applies to you as well.)

Everyone can download any of our apps for free from our official sites, so there is no advantage to downloading them from an unverified source. We only charge a subscription fee for our premium services. Users who only want privacy protection can sign up for our award-winning Free plan.

What to do if you downloaded a fake app

If you downloaded a fake ProtonVPN app, you should immediately delete it. Your data is not secure as long as the fake app is on your device.

To delete fake apps from your Android: 

  1. Open the app tray.
  2. Tap and hold the app you wish to delete. (Hold your finger on the app until you feel a vibration or notice that the screen changed.)
  3. Drag the app onto the Home screen.
  4. Continue dragging the app to the Uninstall option.
  5. Release your finger over the Uninstall button.

(Remember, these steps or the names of the folders might be slightly different for you, depending on the brand of your Android device.)

Unfortunately, malicious Android apps often try to prevent you from deleting them by making their icon and title invisible. If you cannot find the app on your device, you should go to your installed apps page.

To find hidden apps on an Android:

  1. Tap the Settings icon. It looks like a gear.
  2. In the Settings menu, tap Apps & notifications.
  3. Tap See all apps.
  4. Once you are looking at the list of all your apps, scroll until you find a blank space. This will be the invisible fake app. Tap it and select Delete.

If your device will not let you delete the fake app because it was able to get administrator permission, your best option is to wipe your device’s memory and start over.

To perform a factory reset:

  1. Tap the Settings icon. It looks like a gear.
  2. In the Settings menu, tap Backup & reset.
  3. Tap Factory data reset. (This will delete all data on your phone.)

How to recover from a fake app

Once you have cleared the counterfeit app from your device, you need to resecure your accounts. If you happened to download a fake ProtonVPN app, here is how you can take back control of your ProtonVPN account. You should first check your account page to make sure nothing (like your recovery email) has been altered. Finally, you should change your password.

To change your ProtonVPN password:

  1. Go to https://account.protonvpn.com/login
  2. Enter your login credentials
  3. Once you are logged in, click Account on the left.
  4. Click Change Proton password.

If you fear your ProtonMail account might be at risk, you should check to see if there are any active sessions that you do not recognize. If there are, close them immediately. And make sure your recovery email address hasn’t been changed. Then change your password.

To secure your ProtonMail account:

  1. Go to https://mail.protonmail.com/login
  2. Enter your login credentials.
  3. Click Settings.
  4. Find and click Security in the menu on the left.
  5. Under Session Management you will see all the sessions currently open. If there is one you do not recognize, click Revoke. If you are very concerned about your security, you can click Revoke all other sessions.
  6. You will be prompted to enter your password to confirm that you want to end these sessions.
  7. Then find and click Account in the menu on the left.
  8. Scroll down until you see Change password.

Downloading a fake app is one of the quickest ways to compromise your device. Unfortunately, it only takes one weak link to put your data risk. To keep your data private, you must always be vigilant.

Best Regards,
The ProtonVPN Team

You can follow us on social media to stay up to date on the latest ProtonVPN releases:

Twitter Facebook | Reddit | Instagram

To get a free ProtonMail encrypted email account, visit: protonmail.com

Prior to joining ProtonVPN, Richie spent several years working on tech solutions in the developing world. As a senior editor and writer at Latterly, he covered and commented on international human rights stories. He joined ProtonVPN to advance the rights of online privacy and freedom.

Post Comment

1 comments

  1. Matt

    Proton Team,
    Please create a new app for the public. We would like to see an encrypted keystroke scrambler for PC and Android. Something to encrypt our keystrokes so the operating system cannot save or read our keystrokes.

    Thanks Team!

Leave a Reply

Your email address will not be published. Required fields are marked *

Knowledge base

 

Secure Your Internet Today

Get ProtonVPN