The Safe Side: Free content comes at a cost, the scam behind fake OTT apps

It started with “a lucky find”. While browsing online last month, a Bengaluru store manager came across an application called ‘Tuby’ that promised free access to OTT platforms, eliminating the need for a paid subscription. Tempted by the offer, he downloaded and installed the application on his smartphone.

What appeared to be a shortcut to free entertainment soon turned into a costly mistake. It was later revealed that the app was fake and designed to compromise users’ devices and banking information. Before the victim could even realise something was wrong, over Rs 1 lakh had been siphoned from his bank account.

“Free Netflix”, “Premium OTT access at zero cost”, “Unlimited movies without subscription,” such offers frequently appear on social media platforms. While they may seem like harmless shortcuts, cybersecurity experts warn that they are often traps designed to install malware, steal banking credentials or gain access to a user’s device.

Ways to reduce digital expenses

Deependra Singh, cyber security expert with Betul police, Madhya Pradesh, told indianexpress.com, “Nowadays, cybercriminals are taking advantage of people’s desire for free content. With OTT subscriptions becoming increasingly expensive and content being spread across multiple platforms, many users are drawn to unofficial apps and APK files. Scammers exploit this tendency.” Singh said whether it is a major sporting event, a blockbuster movie release, or exclusive streaming content, they launch fake apps using the names of popular brands and events.

He added that while many people think they are simply accessing free content, in reality, they may be giving criminals access to their phones and personal data.

“These apps often request permissions for SMS, contacts, notifications, accessibility features, or even device administrator privileges. Once granted, such permissions can allow attackers to compromise personal data, intercept OTPs, and gain access to user accounts. In some cases, malicious apps are also difficult to remove from the device,” Singh said.

Zakir Hussain Rangwala, CEO of BD Software Distribution Pvt Ltd, said, “People are constantly looking for ways to reduce digital expenses. With multiple streaming platforms hosting exclusive content, many users feel compelled to subscribe to several services simultaneously. Unofficial apps exploit this frustration by promising free access to movies, sports, and OTT content in one place.”

Story continues below this ad

He said this happens because of a combination of all four factors — subscription fatigue, rising costs, convenience, and lack of awareness. Subscription fatigue is real because users now need multiple subscriptions to access different content libraries. Rising costs make people seek cheaper alternatives, while unofficial apps offer the convenience of aggregating content in one place.

Lack of cybersecurity awareness further worsens the problem, as many users assume an app that looks professional is safe, said Rangwala. “Cybercriminals understand these behavioural patterns and design fake applications specifically to exploit cost-conscious and convenience-driven consumers,” he said.

The risks extend far beyond monetary losses. He said fake streaming apps can secretly install malware, spyware, or remote access tools that allow cybercriminals to monitor user activity and steal sensitive information. “Personal data such as login credentials, emails, photos, contacts, and banking details can be harvested and sold on underground markets. Some apps may also compromise device performance, disable security features, or turn infected devices into part of larger cybercrime operations. In many cases, victims remain unaware of the compromise for months,” he explained.

He added that cybercriminals increasingly misuse the names and visual identities of well-known streaming and entertainment platforms because trust is easy to exploit. “When people recognise a familiar brand or service category, they tend to lower their guard and assume the offer is legitimate,” he said.

Story continues below this ad

How to distinguish between legitimate offers and scams

📍 If an offer sounds too good to be true, it probably can be a scam.

📍 Genuine promotions are usually announced through official apps, websites, or verified social media accounts and not through social media platforms

📍 Legitimate offers clearly explain the terms and conditions and do not rely on pressure tactics

📍 Scams often promise completely free access to premium content or subscriptions

Story continues below this ad

📍 Fraudsters create urgency by claiming an offer is available for a limited time.

📍 Be wary of offers that require downloading apps from unknown links or sharing payment details.

📍 Always verify promotions through official channels before clicking or downloading anything.

📍 Spending a few minutes checking an offer can prevent financial and personal loss

Story continues below this ad

Precautions when downloading apps outside official app stores

📌 Verify developer’s identity before installing any app

📌 Check whether the app is listed on official website of the service provider

📌 Use reputable mobile security or antivirus software

📌 Review all requested permissions carefully before granting access

📌 Avoid apps that request unnecessary access to contacts, SMS, call logs, or banking-related information

📌 Read independent reviews from trusted sources

📌 Check whether the app has a valid digital signature from a recognised publisher

Story continues below this ad

📌 Never install an app solely because it promises free access to paid content

Telltale signs of fake streaming or entertainment apps

📍 Promises of lifetime free subscriptions or premium access

📍Installation links hosted on third-party websites

📍 Requests for permissions unrelated to streaming services

📍Poorly designed interfaces and low-quality graphics

📍 Frequent pop-ups and intrusive advertisements

📍 Spelling and grammatical errors within the app or website

📍 Pressure to enter card details or make payments quickly

📍 Missing, incomplete, or suspicious developer information

📍 Recently created websites claiming affiliation with well-known brands

Key red flags to watch out for

📌 A streaming app requesting access to SMS, contacts, accessibility settings, or device administration.

📌 Downloads available only through unofficial websites.

📌 Excessive permissions unrelated to the app’s purpose.

📌 Poor user experience, broken links, and spelling mistakes.

📌 Aggressive pop-ups urging immediate action.

📌 Claims of “free premium access” that require payment details.

📌 Developers with no established online presence or verifiable credentials.

📌 Newly created websites or publishers impersonating popular brands.

Experts suggest that young users and students often look for free or low-cost entertainment and may take risks to access premium content. Older adults, meanwhile, can struggle to distinguish between genuine and fake apps if they are less familiar with digital security practices. The solution lies in practical digital literacy.

Story continues below this ad

Deependra Singh said, “If such an app is accidentally downloaded, the first step should be to remove it from the phone immediately. In many cases, these apps obtain additional permissions, so users should review and revoke those permissions before uninstalling the app. After that, it is advisable to change the passwords of important accounts such as email, social media, and banking accounts.”

“If someone notices unusual activity on their phone after installing the app, or if any fraudulent transaction occurs, they should immediately inform their bank and report the incident by calling 1930. I would also recommend running a security scan on the device, and if necessary, backing up important data and performing a factory reset. The most important thing is to act as quickly as possible after such an app is installed, as prompt action can significantly reduce potential damage.”

The Safe Side

As the world evolves, the digital landscape does too, bringing new opportunities—and new risks. Scammers are becoming more sophisticated, exploiting vulnerabilities to their advantage. In our special feature series, we delve into the latest cybercrime trends and provide practical tips to help you stay informed, secure, and vigilant online.