App store scams: bogus VPN apps aim to steal data

Which? warns of scammers stealing a legitimate company's identity to peddle fraudulent apps
Tali RamseySenior Writer

Tali writes about scams and consumer rights for Which? delving into fraud, technology and consumer rights topics to keep readers safe and empowered.

Apple iPhone

All Amplified Media Ltd's identity was stolen to launch two fraudulent Virtual Private Network (VPN) apps on Apple's App Store, with both designed to harvest data. 

A VPN is downloadable software for your device that allows you to hide your internet traffic from your internet service provider (ISP) and the websites you visit. VPNs have been in high demand since age verification checks were introduced on some websites last year, following the implementation of new internet safety rules under the Online Safety Act. 

Which? examined the scam apps and found they disguised themselves as providing VPN services in an attempt to steal data. The presence of these apps is alarming, but what was most concerning was the battle All Amplified Media faced in trying to remove them.

Below, we take a look at these fraudulent apps and explain what checks you should do to avoid downloading a scam app on your device.  

Outsmart the fraudsters

free newsletter

Sign up for our free Scam Alerts service.

Our Scam Alerts newsletter delivers scams-related content, along with other information about Which? Group products and services. We won't keep sending you the newsletter if you don't want it – unsubscribe whenever you want. Your data will be processed in accordance with our privacy notice.

Scam apps and stolen identity

The director of All Amplified Media, Ali Sezgin, appealed to Which? for help after finding that their company's legal name, trademark and other unique information had been stolen to create fraudulent apps on Apple's App store. 

Ali told us that when he notified Apple of the issue, he was told that it was a third-party dispute and that he needed to speak with the fraudulent company to resolve the problem.

Which? found these apps were available globally, with the websites featuring little to no information. The privacy policy pages were blank, and the websites were registered to an address in Reykjavík, Iceland, linked to other scams, including an investment scam we uncovered in 2024.

‘They are ghost apps harvesting data under my firm's name. By using a verified UK entity with a real history, they’ve bypassed Apple’s initial security checks,' Ali said. 

Alarmingly, Ali also found that the app information listed his private home address as the address for these apps.

Which? contacted Apple about these apps and All Amplified Media’s experience. 

Apple told us that it removed the apps. It also said that as part of the content dispute process, for anyone who believes another app violates their intellectual property rights, it will contact the company accused of the violation and ask them to work directly with the company that made the complaint to resolve the issue.

Apple said that it doesn’t tolerate fraudulent activity on the App Store and in 2024, it rejected, removed or prevented 374,000 apps that were found to be spam, copying other apps, misleading, potentially fraudulent or having bait-and-switch violations.

Seven steps to avoid app scams

To avoid being scammed by a dodgy app, follow these tips:

  1. Review information from the app’s developer, including its privacy policy and T&Cs. If it doesn’t have these, avoid it.
  2. Read reviews of the app on more than one platform or website.
  3. Research the developer behind the app by looking at their website for the typical scam signs, such as bad grammar and a newly registered website, which can be found by looking at Who.is
  4. Always enable two-factor authentication when downloading an app, if possible.
  5. Think twice about agreeing to the app’s permissions. If the permissions seem excessive, you should reconsider downloading it.
  6. Check how recently the app was updated. If an app was updated more than six months ago, then it's one to be wary of.
  7. Check the number of downloads it has, as genuine and trusted apps will have thousands of downloads.

How to report an app

Under the new Online Safety Act, app stores will be required to ensure they prevent and remove fraudulent content. Platforms that fail to comply with these rules will face fines of up to £18m or 10% of global turnover. 

To report apps on the Apple App Store, visit Apple's 'Report a problem' website.

To report an app on Google Play, go to the details page of the app, tap ‘more’, flag it as inappropriate, choose a reason and then tap submit.

If you lose any money to a scam, call your bank immediately using the number on the back of your bank card. You should also report it to Report Fraud (formerly known as Action Fraud) or call the police on 101 if you’re in Scotland.

More on this