Description: The Fake App Canarytoken allows a user to install a decoy app on their phone that looks like a real app (e.g. banking or mail). If opened, it sends an alert to warn them that someone has accessed their phone. This article runs through the steps required to setup and install the Fake App Canarytoken.
Note: The steps below are predominantly focused on iOS and Android mobile device installation. This does not however mean that they are limited to these environments and may also possibly work in other environments that support Progressive Web Applications (PWAs), such as desktops and wearables too.
Step 1:
Create a Fake App Canarytoken on your Console and select a desired app icon of the app you want to imitate, and use the default app name, or modify it to your preference. Next enter a memo that will help you remember where this Canarytoken has been deployed, before clicking "Create token".
Step 2:
Once the Fake App token has been created, the decoy app can be installed by either clicking "Install Fake App" on the target device, or by copying the installation link and opening it on the target device's browser.
Step 3: On iOS
Open the install link in your mobile Safari browser. The following screen will be visible:
Tap the share icon at the bottom centre of the screen and tap "Add to Home Screen":
Then simply tap "Add" and the Fake App will appear on your device's Home screen.
Step 3: On Android
Open the install link in your mobile Chrome browser. The following screen will be visible:
Either click the "Install" button or Tap the menu icon and select "Add to Home Screen" which will provide an option to install the Fake App:
Tap "Install" to add the Fake App to your Home Screen:
Step 4
Once the Fake App has been added to Home Screen, an alert will be triggered when the Fake App has been opened.