The app was in the store. It was still fake.
I wanted a simple trading app, found one in the official app store with a polished logo and hundreds of reviews, and installed it like any other finance tool.
The onboarding asked for Accessibility access “so alerts could overlay other apps,” which I granted.
Within days, transfers I did not authorise left my current account while the app’s dashboard still showed fake balances.
The store pulled the listing weeks later for policy violations, but my two thousand pounds was mostly gone.
Trojan apps can slip past review by behaving normally at first; combined with dangerous permissions, they automate payments or harvest logins.
The developer contact was a misspelled Proton address I had ignored in a hurry.
I treated the store badge as proof of safety and skimmed the permission screen the way most people tap through updates.
When I revoked Accessibility and the unauthorised transfers stopped the same hour, a security friend showed me how the overlay had been clicking confirm in my banking app.
The bank returned part of the loss as goodwill, not policy; I still delete apps aggressively whenever a finance tool asks for broad phone access.
I read developer history, outside reviews, and permission lists before any app touches money; Accessibility is off unless I truly need it.
- Report suspicious finance apps in the store; revoke Accessibility for non-essential apps.
- Prefer well-known brokers linked from FCA / SEC registers rather than random store search hits.
For more help, see our Report a scam page and Spot and avoid scams guide.