Short answer

Fake wallet apps are a steady threat on both iOS App Store and Google Play. The detection rules are simple but routinely ignored: install only from the link on the official project's main website (metamask.io for MetaMask, trustwallet.com for Trust Wallet); verify the developer name; check the install count; read recent reviews. If anything feels off, walk away and use the web version instead.

The fake-app patterns

Name-squatting. "MetaMask - Wallet & Bitcoin," "Trust Wallet Pro," "Coinbase Plus." The fake uses a similar name with extra words. The real apps don't have suffixes like "Pro," "Plus," "Wallet" attached.

Icon look-alikes. Identical or near-identical icon. The fake app's icon is downloadable from the real app's marketing materials. Visual identity is not reliable.

Fake review inflation. Hundreds of 5-star reviews posted by bots within days of the app's launch. Real apps accumulate reviews over years; sudden burst patterns are a flag.

Recent-launch timing. A "new MetaMask app" launching in 2026 makes no sense; the real MetaMask has been on stores since 2020.

The verification checklist

Before installing any wallet app, run through:

  1. Open the project's official website (metamask.io, trustwallet.com, etc.) in a browser.
  2. Click the official "Download" or "Get the app" link.
  3. Verify the resulting App Store / Play Store page matches what you expected.
  4. Check developer name: MetaMask is "ConsenSys"; Trust Wallet is "DApps Platform Inc"; Coinbase Wallet is "Coinbase Inc."
  5. Check install count: real apps have millions of installs (MetaMask 10M+, Trust 10M+, Coinbase 50M+).
  6. Read the most recent reviews — fake apps have complaints about funds disappearing.

iOS vs Android risk

Apple's App Store catches more fake wallet apps before they reach users; not perfect but better filtering. Google Play has historically been more permissive — fake wallet apps slip through, get downloaded thousands of times, then get banned. The damage during that gap is real.

For Android users especially, never install from a third-party APK source. F-Droid is reasonably safe for fully open-source wallets. Sideloaded APKs from random websites are the highest-risk install vector.

The "use web version" fallback

For MetaMask, you can use the browser extension on desktop instead of the mobile app. For Trust Wallet, the mobile app is the only option but the official Trust browser extension exists. If you're uncertain about a mobile install, the desktop browser version of the wallet is usually the safer path.

Further reading: Phishing, Hot wallet.