Scams on Mobile Devices
Fake cryptocurrency wallet apps
There are many different types of fake apps. One variation seeks to obtain personal information from users such as their wallet passwords and private keys.
In some cases, fake apps provide previously generated public addresses to users. So they assume funds are to be deposited into these addresses. However, they do not gain access to the private keys and thus do not have access to any funds that are sent to them.
Such fake wallets have been created for popular cryptocurrencies such as Ethereum and Neo and, unfortunately, many users lost their funds. Here are some preventive steps that can be taken to avoid becoming a victim:
• The precautions highlighted in the exchange app segment above are equally applicable. However, an additional precaution you can take when dealing with wallet apps is to make sure brand new addresses are generated when you first open the app, and that you are in possession of the private keys (or mnemonic seeds). A legitimate wallet app allows you to export the private keys, but it is also important to ensure the generation of new key pairs is not compromised. So you should use a reputable software (preferably open source).
• Even if the app provides you a private key (or seed), you should verify whether the public addresses can be derived and accessed from them. For example, some Bitcoin wallets allow users to import their private keys or seeds to visualize the addresses and access the funds. To minimize the risks of keys and seeds being compromised, you may perform this on an air-gapped computer (disconnected from the internet).