The Hidden Dangers of “Decoy Apps”
What are Decoy Apps?
“Decoy Apps”, “Vault Apps”, “Ghost Apps” or “Disappearing Apps” are apps that are used to hide content on mobile phones where someone other than the owner wouldn’t be able to find it. These apps can often look and function like something benign: a calculator or an mp3 player, however, when a secret passcode is entered, a storage vault of hidden media is revealed.
Decoy Apps store and open several media types, including photos, videos, music, Microsoft Office files and even conversations and contacts. Often these files can also be shared internally with other people using the same app. Also, many Decoy Apps also have security functions that record failed passcode attempts, and sometimes even take a photo of whoever tried to break into the app.
App icons for common “Decoy Apps”
If a student has a Decoy App it’s likely because they feel they have something to hide, as these apps tend to be used to capture and share sexually explicit content. Notably, some Decoy Apps have been linked with illicit photo-sharing rings in high-schools in the United States. As a result, entire year groups faced child pornography charges for sharing photos of their classmates.
While some apps may claim not to be able to access users’ photos and videos or to store them on servers, many don’t have privacy policies clarifying where media is stored. Users have complained that after uploading their photos into the app, the passcode is changed without their permission. Some reviews claim the app has crashed and cannot be opened, meaning that photos saved can’t be retrieved or deleted.
What Can Parents Do?
iOS devices (iPhones or iPads) have the option to activate an “Ask to Buy” function. This sends a request to the parent whenever someone attempts to download an app, which parents can then elect to approve or deny. You can find information about activating the “Ask to Buy” function here.
Similar purchase approval measures can be set up on Google’s Play Store here, and Parental Controls which enable parents to set age restrictions on any apps that are downloaded to a device can be found here.
To see if a “Decoy App” is downloaded onto a phone, parents can open either Google Play on an android phone or the iTunes Store on an iPhone, and type in keywords like “decoy” “vault” “ghost” “secret” or “hidden”, and scroll through the results to see if any of those apps have been purchased.
Parents can also check the phone’s storage for questionable apps.
- Open the Settings app
- Select General
- Select iPhone Storage, and wait for all the apps to load
- Locate the Settings icon
- Look for Storage, and select the Apps tab
- Or look for App Management
Look for any app names that contain words like “decoy” “vault” “ghost” “secret” or “hidden“, and select any you are uncertain about to see their storage size. An app like a calculator shouldn’t be much bigger than 1MB, and definitely shouldn’t be bigger than complex apps like Instagram or gaming apps. When you select an app, the storage will be broken down into the app itself, and data or documents. If a simple calculator app has several MB in data and documents, it’s storing something hidden.