You might have read our recent series on crypto scams - for example part 3 on fake apps.
Today our security team prepared a tutorial on how to spot fake websites and apps. Read on to learn more.
Stay safe in app stores
When downloading an app like imToken, you might go to the Google Play Store or Apple App Store. When visiting one of those two app store, simple tips can help you to stay safe:
- Search for the app name and be careful if you find multiple apps, because usually only one is real and fake apps try to look similar to real ones
- An app with many reviews and downloads is less likely to be fake, because fake apps will be taken offline before getting many downloads
If you don’t download from the two big app stores, be careful, because smaller app stores are - generally speaking - less safe. Why? Because in our security team’s experience, they are less strict in taking down fake apps.
If you don’t download from app stores at all, you might use an official website - such as imToken’s https://token.im/ . In this case, here are our recommendations:
Three steps to tell if a website is real and safe
-
Make sure that the domain name you entered in the browser is: https://token.im/
Note: Be sure to use HTTPS instead of HTTP.
- Make sure there is a security icon such as 🔒 or 🛡 in front of the domain name.
-
Click the security icon, the website is real and safe if the pop-up shows “Connection is secure”. Otherwise, the website is fake and you can contact us via [email protected]. We’ll get you the help you need.
Before downloading imToken, please make sure you have completed the three steps.
How can I verify the authenticity of an imToken APK file I downloaded?
If you downloaded an imToken APK file through a third-party website or a friend, please check the authenticity of the APK by checking its hash before installing it.
The SHA-256 of a file is a kind of digital fingerprint which ensures that data is not modified or tampered with.
The simplest way is to get the SHA256 through online tools.
- Move the APK file to desktop
- Open the website: https://emn178.github.io/online-tools/sha256_checksum.html
- Click “Drop File Here” and upload your APK file to get the result
-
Compare the SHA256 of the APK file with that of different versions of imToken listed in the table below. If the result is identical to the SHA256 in the table, it can be said that your APK file is original and safe.
If you encounter any problems during the process, please feel free to contact us via [email protected]
Mac users
- Move the APK file to desktop, and rename it as “check.apk”
-
Open Terminal (default path: Launchpad - Other - Terminal) and enter cd desktop/
-
Enter shasum -a 256 check.apk, and press “Enter” to get the SHA256 of the file.
-
Compare the SHA256 of the APK file with that of different versions of imToken listed in the table below. If the result is identical to the SHA256 in the table, it can be said that your APK file is original and safe.
If you encounter any problems during the process, please feel free to contact us via [email protected]
Windows users
- Move the APK file to desktop, and rename it as “check.apk”
-
Open the command line tool(press Win and R, enter CMD, press Enter) and enter cd desktop/, press Enter
- Enter certUtil -hashfile check.apk SHA256, and press “Enter” to get the SHA256 of the file.
- Compare the SHA256 of the APK file with that of different versions of imToken listed in the table below. If the result is identical to the SHA256 in the table, it can be said that your APK file is original and safe.
If you encounter any problems during the process, please feel free to contact us via [email protected]
APK from our official website
Version |
SHA256 |
2.16.1.7291 |
e660db0e5ccfade4d2d3ed82d128fa607f080e4b547c8967b76c637c190cbbc4 |
2.16.0.7239 |
89636c25ce31530aaf147662fdc5933527da5c3b6979da6344eae968b3d9216b |
2.15.8.7143 |
bcaf081931c131366d74c251dd76a9ddd694e483776e479335bb88a4bc6cdebe |
2.15.7.6870 |
5525cd287958795302565036465f70ab88b42617dbc8f043d6097b27f2782ae4 |
2.15.6.6795 |
a19279bfda5c316eedc1d4408785bd8d10583f9b72299893603386421f068ec9 |
2.15.5.6538 |
4a8d97fd1b40d3628115e23281d5431312c67258b0e2adcc572b186735af6cf8 |
2.15.4.6483 |
a9a3d16c4646aabde3e38a2c84dd1d49153b17fcb746f26e9cef20b2fb19f650 |
2.15.3.6229 |
e5574ffba5eec3755998541c61d58f5fdc5ddc2ef32176eb16393e9d6e0b7042 |
2.15.2.6022 |
a2107476f7d60fbfcb6eee1f4b3bf4c3c70453aaa20d4655932bd954ada4a3b7 |
2.15.1.5703 |
a33a8af6e85195a551fd3831c339c4affc0098705cb70de59927ba4719225c52 |
2.15.0.5658 |
7e9d2e0cdb13c07401d41a6fa5ed6aebcfee5e596700bf8186c76e0290d57687 |
2.14.1.4651 |
9fa7d0a22ee91318a212539c5a9bb28d1d349732a6090b3d9860063459ce1ab5 |
2.14.0.4428 |
7690c38a672cc9399c7721efb4f5bb857395dd552622cbdb53c258b6b04ef366 |
2.13.5.4077 |
ba7277900e56f6ca673d9493d0b1cf8bfedd1e1bb3f40c66acd3f16d023cbc0c |
2.13.4.3990 |
a18c41b4fb423daf14b0cbb8b604576daeeec1a2f07fc716841fbdc64c7a8ca3 |
2.13.3.3948 |
5d84c6c497dc855c0413e81155473dde326cd2546555f34cc8b1698b4ea07c26 |
2.13.2.3736 |
4b021d832b3d9364a20bcac3907fd0baf908822737a09f635088c2a007e88fd1 |
2.13.1.3722 |
003d312f2d5949296ef8010900c7f5c7c6594d4a82f074cbd4a4d5ef07cbfc88 |
2.13.0.3667 |
6bbe481a3d09d67a72cef657047471c81c5a16513345657103d4d49eeeac80b3 |
2.12.2.3289 |
a6fabf3becf2a83b40315f337fbe28b01e17937a21af800a6a42cd738b45f031 |
2.12.2.3227 |
0ba2f40d0c76f4ae535a7bcca9664b7949b55041179f32a19ca56809fb488952 |
2.12.1.2978 |
70d2d94a4364625dd5b5cde169293c0386ad7a11cbc25e38095bfd223d7c7635 |
2.12.0.2777 |
33eb1f986b326fa6042a6c23bc38cf34b5ee3a61a9bbff75771cffde242e2663 |
2.11.3.2534 |
9229008833123372018989ac89625b93b6208d9128ea81af0fd80fdbeac76d6a |
2.11.3.2478 |
021bf09612455068a4951a932b3d8b993bba28a48b78d1f37d85fc49b937c67e |
2.11.2.2195 |
4b65805f05790afc081e6841adb228a61e4c1badcaab2d3d791358d268e9a81e |
2.11.1.2067 |
f6df695289ffa05201627d1d480880e72815fc5e34c9e585ef19174eacf1a31b |
2.11.0.1953 |
894da7618e5fabab3065e847ea427bda30a8f5c7ecdabb8648e59b4ce335f0f1 |
2.10.4.1787 |
f26b89d234cae59ef64e9d7ddfa9a6cb3e87670117c7c929dab5ff8c7e622898 |
2.10.3.1734 |
b2b7059f8bd875864b5b4c5d563f65d610076c794b06e63933420574eadf4e47 |
2.10.2.1693 |
847eb56c17064a467f8bb14b435d2cd9f503deae75d4e49014831e8ad9934a8a |
2.10.1.1678 |
9450b72b4feb8f45bc045b5bf93324668c47c09e85adf322c188742bade34a3f |
2.10.0.1675 |
e50f53ce55198ab37eeff760aecc8c739373d40b917dc51a027c79e4918ead3c |
2.9.11.1578 |
caeb05714efab1e0ca95289b4a63950efc3ca61920710f7d79f1ed6633ee21f8 |
2.9.10.1539 |
3647beaed797f927fd030ef20ed6dc2c86b6591b4320166346caab0f8206f376 |
2.9.9.1514 |
6bd13c0ba674049aedba062a56cc72c8f4e4d578a10fb051d38c7d804c16d656 |
2.9.8.1471 |
bacb7cff0f38ef68803c1ce16c04b51a2f2b3066d12f59847f652cfef37f1b45 |
2.9.7.1413 |
cb11455f40758a0f8b4be9f1f06c290bf1f80b3129613b342925f6ff14da139f |
2.9.6.1387 |
b98d21b5a5955983dff49b3cbc5d37a05450cf8201c554c7f7d51df4e8b3b9df |
2.9.5.1370 |
55325d89fdbb29695a5964c006b78b74cb05bef5bf4dd2ad25f935328826fb13 |
2.9.4.1335 |
88392aa940b326b5e920b44d18152e26b84be635edba908e58a87ce7f0bca541 |
2.9.3.1293 |
9eda05d46d7e595c7ef6c67dd3ba3bf60e6cf6d37f1ee5459a6a32384c488f5c |
2.9.2.1270 |
f1876987f35a2ecac7f579793df5823f28ff7f5c4e0835e30b0c35bdeed0f89a |
2.9.1.1257 |
ea248e1503101a3f35bde8a5fc546e73c613dd08c0de367b5f4c1397cd8305a7 |
App Store and Google Play
If you download imToken from Apple App Store or Google Play, please confirm that the developer of imToken is IMTOKEN PTE.LTD., and all others are fake Apps.