banner.png

You might have read our recent series on crypto scams - for example part 3 on fake apps

Today our security team prepared a tutorial on how to spot fake websites and apps. Read on to learn more.

 

Stay safe in app stores

When downloading an app like imToken, you might go to the Google Play Store or Apple App Store. When visiting one of those two app store, simple tips can help you to stay safe:

  1. Search for the app name and be careful if you find multiple apps, because usually only one is real and fake apps try to look similar to real ones
  2. An app with many reviews and downloads is less likely to be fake, because fake apps will be taken offline before getting many downloads

If you don’t download from the two big app stores, be careful, because smaller app stores are - generally speaking - less safe. Why? Because in our security team’s experience, they are less strict in taking down fake apps.

If you don’t download from app stores at all, you might use an official website - such as imToken’s https://token.im/ . In this case, here are our recommendations:

 

Three steps to tell if a website is real and safe

  1. Make sure that the domain name you entered in the browser is: https://token.im/
    Note: Be sure to use HTTPS instead of HTTP.
  2. Make sure there is a security icon such as 🔒 or 🛡 in front of the domain name.
    image1.png
  3. Click the security icon, the website is real and safe if the pop-up shows “Connection is secure”. Otherwise, the website is fake and you can contact us via [email protected]. We’ll get you the help you need.
    image3.png

Before downloading imToken, please make sure you have completed the three steps. 

 

How can I verify the authenticity of an imToken APK file I downloaded?

If you downloaded an imToken APK file through a third-party website or a friend, please check the authenticity of the APK by checking its hash before installing it. 

The SHA-256 of a file is a kind of digital fingerprint which ensures that data is not modified or tampered with.

The simplest way is to get the SHA256 through online tools.

  1. Move the APK file to desktop
  2. Open the website: https://emn178.github.io/online-tools/sha256_checksum.html
  3. Click “Drop File Here” and upload your APK file to get the result
  4. Compare the SHA256 of the APK file with that of different versions of imToken listed in the table below. If the result is identical to the SHA256 in the table, it can be said that your APK file is original and safe.
    If you encounter any problems during the process, please feel free to contact us via [email protected]

 

Mac users

  1. Move the APK file to desktop
  2. Open Terminal (default path: Launchpad - Other - Terminal) and enter cd desktop/
    image5.png
  3. Enter shasum -a 256 + the name of the file, and press “Enter” to get the SHA256 of the file.
    image2.png
  4. Compare the SHA256 of the APK file with that of different versions of imToken listed in the table below. If the result is identical to the SHA256 in the table, it can be said that your APK file is original and safe.
    If you encounter any problems during the process, please feel free to contact us via [email protected]

Windows users

  1. Move the APK file to desktop
  2. Open the command line tool(press Win and R, enter CMD, press Enter) and enter cd desktop/, press Enter
    image4.png

  3. Enter certUtil -hashfile + the name of the file + SHA256, and press “Enter” to get the SHA256 of the file.
  4. Compare the SHA256 of the APK file with that of different versions of imToken listed in the table below. If the result is identical to the SHA256 in the table, it can be said that your APK file is original and safe.
    If you encounter any problems during the process, please feel free to contact us via [email protected]

APK from our official website

Version

SHA256

2.10.4.1787

f26b89d234cae59ef64e9d7ddfa9a6cb3e87670117c7c929dab5ff8c7e622898

2.10.3.1734

b2b7059f8bd875864b5b4c5d563f65d610076c794b06e63933420574eadf4e47

2.10.2.1693

847eb56c17064a467f8bb14b435d2cd9f503deae75d4e49014831e8ad9934a8a

2.10.1.1678

9450b72b4feb8f45bc045b5bf93324668c47c09e85adf322c188742bade34a3f

2.10.0.1675

e50f53ce55198ab37eeff760aecc8c739373d40b917dc51a027c79e4918ead3c

2.9.11.1578

caeb05714efab1e0ca95289b4a63950efc3ca61920710f7d79f1ed6633ee21f8

2.9.10.1539

3647beaed797f927fd030ef20ed6dc2c86b6591b4320166346caab0f8206f376

2.9.9.1514

6bd13c0ba674049aedba062a56cc72c8f4e4d578a10fb051d38c7d804c16d656

2.9.8.1471

bacb7cff0f38ef68803c1ce16c04b51a2f2b3066d12f59847f652cfef37f1b45

2.9.7.1413

cb11455f40758a0f8b4be9f1f06c290bf1f80b3129613b342925f6ff14da139f

2.9.6.1387

b98d21b5a5955983dff49b3cbc5d37a05450cf8201c554c7f7d51df4e8b3b9df

2.9.5.1370

55325d89fdbb29695a5964c006b78b74cb05bef5bf4dd2ad25f935328826fb13

2.9.4.1335

88392aa940b326b5e920b44d18152e26b84be635edba908e58a87ce7f0bca541

2.9.3.1293

9eda05d46d7e595c7ef6c67dd3ba3bf60e6cf6d37f1ee5459a6a32384c488f5c

2.9.2.1270

f1876987f35a2ecac7f579793df5823f28ff7f5c4e0835e30b0c35bdeed0f89a

2.9.1.1257

ea248e1503101a3f35bde8a5fc546e73c613dd08c0de367b5f4c1397cd8305a7

Apple Store and Google Play

If you download imToken from Apple App Store or Google Play, please confirm that the developer of imToken is IMTOKEN PTE.LTD., and all others are fake Apps.

image5.png