Blog

Anand Singh
Beware of fake apps that claim to link your mobile number to Aadhaar
December 14, 2017

Are you looking for ways to avoid visiting your cellular network provider’s care center/store to get your Aadhaar linked to your mobile number? Have you recently searched for apps that can help you do this? Well, here is some important and useful information for you.

It is now mandatory for all mobile users to link their Aadhaar to their mobile number. According to an advisory issued by the Unique Identification Authority of India (UIDAI), mobile users do not have to visit any store to get the Aadhaar-phone linking done. This can be done with a voice-guided system through a one-time password (OTP) from 1st January 2018, as reported by Times of India.

Quick Heal Security Labs came across an app on the Google Play Store that claimed to help users link their mobile number to Aadhaar. For obvious reasons, we found the occurrence of this app suspicious because the UIDAI has not spoken about any mobile app which can be used for Aadhaar-phone linking.

As expected, we found the app to be fake and not related to UIDAI. This is what it looks like.

 

Fig 1. The fake app’s interface displaying a fake biometric authentication mechanism.

Fig 1. The fake app’s interface displaying a fake biometric authentication mechanism.

This app was downloaded over 1,00,000 times and was removed from Google Play after Quick Heal Security Labs reported it to Google.

 An interesting observation

One interesting thing which we observed during our analysis is this app can send you an OTP even if you don’t have a SIM card in your phone. Wonder how this works? A simple trick used by the app developer answers this question. The OTP sent for the verification is just a pop-up notification generated by the app to fool the user. This notification looks similar to the ones which are displayed at the top part of your mobile screen whenever you receive a new SMS. Fig 2 below shows how the fake OTP notification appears. Extremely tricky, isn’t it?

Our verdict

This fake app is nothing but a source of income for the app developer which they generate by serving unwanted ads to the user. This app does not benefit the user in any way and even worse, it can also be used to steal their Aadhaar information. Such stolen information can be used for identify theft and other such crimes.

Fig 2. OTP generated by the app.

Fig 2: OTP generated by the app.

Quick Heal Security Labs analyzed similar apps on the Play Store and found many with names related to Aadhaar and mobile phone linking. Most of these apps name themselves as ‘prank’, ‘guide to linking Aadhaar to mobile’, and ‘just for entertainment’ in their descriptions which are usually not noticed by most users (fig 3).

We strongly recommend you to always read the description of an app you want to install on your device. Just because an app describes itself as a prank app, it does not mean it is safe to use.

Fig 3. One of the app’s description.

Fig 3: One of the app’s description.

 

Further observations

There was a sudden rise in the number of people searching the Internet for the term “link Aadhaar number to mobile number” on Dec 1, according to the Google Trends survey for India. Noticeably, on this very day, UIDAI had given its approval to telecom community’s request to make the Aadhaar-mobile linking facility available online. Fig 4 shows the trends.

Fig 4: Sudden increase on Dec 1 for the search query “link Aadhaar number to mobile number” in India.

Fig 4: Sudden increase on Dec 1 for the search query “link Aadhaar number to mobile number” in India.

To reiterate, currently there is no app which will provide you with in-app biometric Aadhaar to mobile linking facility.

How to stay safe from fake mobile apps

  1. Check an app’s description before you download it.
  2. Check the app developer’s name and their website. If the name sounds strange or odd, you have reasons to suspect it.
  3. Go through the reviews and ratings of the app. But, note that, these can be faked too.
  4. Avoid downloading apps from third-party app stores.
  5. Use a reliable mobile antivirus that can prevent fake and malicious apps from getting installed on your phone.

Note: We searched the Play Store and found apps with the following package names. These apps claim to link phone number to Aadhaar but they are mostly prank apps or guides and do not provide the actual facility.

Package App Name
com.linkAadhaar.Aadhaarcardlinktomobile Aadhaar Card Link to Mobile Number / SIM Online
com.linkAadhaar.Aadhaarcardlinktomobilenumber Link Aadhaar Card to Mobile Number /SIM Card Online
phototool.app.Aadhaarcardlinktomobile Link Aadhaar Card with Mobile Number & SIM Online
smartappcorner.Aadhaarcardlinkwithmobile Link Aadhaar Card to Mobile Number & SIM Online
com.IndianServices.LinkAadhaarCardwithMobileNumber Link Aadhaar With Mobile
fabia.dev.linkAadhaarwithsim Aadhaar Card Linkk To Mobile Number
com.stoff.linkAadhaartomobile Free Link Aadhaar Card to Mobile Number /SIM Online
smartappcorner.onlineAadhaarlinksim Free Aadhaar Card Link to SIM Card
world.studio.classes.mobileno.toadhar.lab Link Aadhaar Card to Mobile Number & SIM Online
com.link.Aadhaar.card.with.mobile.number Link Aadhaar Card with Mobile Number Online
com.tomobilenumber.linkAadhaarcard Link Aadhaar to Mobile Sim Number
com.crazy.linkAadhaarwithsimcard Link Aadhaar To Mobile No
com.link.adhartomob Link Aadhaar Card with Mobile Number
com.photovideovalley.linkAadhaarwithmobile Link Aadhaar Card with Mobile Number & SIM Online
daily.apps.linkAadhaarwithmobilenumber Link Aadhaar to Mobile Number
com.smartdev.linkAadhaar Link Aadhaar Card with Mobile Number free
adhar.tool.Aadhaarcardlinktomobile Aadhaar Card Link to Mobile Number

Subject Matter Expert

Omkar Gurav | Quick Heal Security Labs

SHARE THIS STORY

Android, Fake App

Have something to add to this story? Share it in the comments.

Anand Singh
About Anand Singh
Anand is an Android Malware Analyst at Quick Heal. His interests include Android security, reading, and...
Articles by Anand Singh »

1 Comment

Your email address will not be published.

CAPTCHA Image

  1. thanks for yours .

    Reply