Jump to content
Andymase

Is there a fake Enpass app on the Play Store that steals passwords?

Recommended Posts

Hello there

I'd like to share something very scary that happened to me a few days ago. I searched for Enpass on the Google Play Store and downloaded the app without checking it thoroughly. The app installed, and looked like Enpass, the only difference was the icon: instead of the usual keyhole in a blue circle, it looked like a pile of sheets with a keyhole in the middle.

I launched it and it asked me whether I wanted to type in new data or restore previous data from the cloud. I chose to restore the data from Dropbox (I'm already using Enpass on other devices) and the app tried to connect with no success. It said it was impossible to connect and to try later.

I tried a few days in a row, getting always the same result. Today I tried again and this time a message in a window popped up, saying that "probably an app on my phone was trying to connect to Dropbox in a fraudulent way and that Dropbox refused the connection".

I panicked and uninstalled the app, going back to the Play Store to check for it. The app was not there anymore, and I downloaded what looks like the real Enpass.

Now I'm scared to death. What if this fake app actually connected to my Dropbox and download the stored passwords?

 

Many thanks for any suggestion.

Andrea

Share this post


Link to post
Share on other sites

The fact is that I did enter the masterpassword since it's required to sync with the Dropbox backup file and the app appeared legit.

I still hope that was just an old legit Enpass version the developer left on the Play Store side by side with the current version. 

Share this post


Link to post
Share on other sites
Guest Akash Vyas

Hey @Andymase

We absolutely understand your concern for the safety of your data and we're here to help you with it. 

Actually, the icon you described for the app resembles an older version of Enpass. It might be possible that you installed the older version from your own Apps library (history). We've replaced in on the Play Store long back with the newer version and searching for Enpass must not show two different versions. Just to verify this, check the attached screenshot and let me know if this is the same app that you installed. 

Also, please log in to the Play Store on a desktop browser and navigate to My Apps (Installed history) and look up for the version of Enpass you installed. 

Selection_009.png

Further, you mentioned that 'The fact is that I did enter the master password since it's required to sync with the Dropbox backup file and the app appeared legit.' Here I would like to know if you are using Enpass 5.0 or later versions on your devices (with the Dropbox sync enabled) as after entering the master password, Enpass should directly sync with Dropbox and as you mentioned you got the error  "it was impossible to connect and to try later", this means that the version is no longer compatible to be synced. 

Waiting for your reply!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...