The official Netflix app for Android devices has been a bit tricky for some users to understand because it has only been released for certain handsets thus far. Those with other devices that are not yet supported are apparently willing to throw caution to the wind and get download it from wherever possible, and therein resides a security risk.
According to CNET, a fake Netflix app has been making the rounds of some online forums that looks legit enough until you compare it to the real one. Once you install it and try to login to your account, your login information was sent to a third-party server and you were presented with a message that your device was incompatible and it would then try to uninstall itself.
Security firm Symantec is reporting that the third-party server now appears to be offline, but that doesn’t mean another couldn’t pop up at a moment’s notice or the original come back online.
What the people behind the fake app stand to gain is unclear as there is very little personal information stored in Netflix accounts. Only the last four digits of the credit card associated with the account are displayed, but they could potentially use enough other info to get into records about you elsewhere.
While the damage from this particular incident seems minimal so far, it’s just a good lesson to remember that you shouldn’t just load any old application you find in a forum onto your phone no matter how legitimate it may look. Of course seeing the real and fake Netflix apps next to one another makes it obvious, if you just loaded it up and saw the distinctive red background and the logo, you wouldn’t think twice about entering your user name and password. Now imagine if someone did this with a banking app. It’s always worth double checking before you use an app from an unknown source.