The Government of India has issued a nationwide cyber alert, warning citizens against fake DigiLocker applications available on the Google Play Store.
Cybercriminals are using these counterfeit apps to steal users’ identity documents, banking information, and confidential data, resulting in substantial financial losses.
The fraud has become so sophisticated that even digitally aware users are finding it hard to distinguish between authentic and cloned apps.
The Ministry of Electronics and Information Technology (MeitY), in an official post on X (formerly Twitter) dated December 1, 2025, stated —
“There is only one genuine DigiLocker app, developed and maintained by the National e-Governance Division (NeGD), Government of India. All other similar apps are unauthorised, fraudulent, and potentially harmful.”
The government has urged citizens to verify the developer’s name, official logo, and source before downloading any app claiming to be “Digital Locker.”
How the Scam Works: Trust Disguised as a Government Interface
Cybersecurity experts have revealed that these fake apps mimic the exact design, colours, and interface of the original DigiLocker platform, creating an illusion of authenticity.
“Users believe they are interacting with a legitimate government app,” said Tarun Wig, Co-founder and CEO of Innefu Labs.
“This is not merely a technical fraud, but a psychological manipulation. Attackers create an environment of trust and urgency — prompting users to share their Aadhaar, mobile numbers, OTPs, or banking credentials. It’s the latest evolution of social engineering.”
Once installed, these apps demand excessive permissions — including access to the camera, contacts, messages, and storage — effectively compromising the user’s entire digital identity.
Government Advisory: “Check the Developer Name, Avoid Forwarded Links”
MeitY clarified that the official DigiLocker app lists its developer as —
“National e-Governance Division, Government of India.”
Citizens have been advised to:
- Download only from www.digilocker.gov.in or the verified Play Store link.
- Avoid forwarded links or third-party APK files.
- Always review app permissions, developer details, and user ratings.
- Deny unnecessary access to contacts, SMS, and gallery.
A Growing Digital Crime Ecosystem: Every Click Carries a Risk
As India’s digital adoption accelerates, the ecosystem of fake and malicious apps is expanding rapidly.
According to CERT-In (Computer Emergency Response Team) data for FY 2024–25, over 350,000 cyber fraud complaints were recorded — a large fraction linked to fake government or banking apps.
Experts say platforms like DigiLocker, which host sensitive identity documents such as Aadhaar, PAN, and academic records, have become soft targets for cybercriminals.
These scams not only lead to financial fraud but also trigger identity theft and long-term misuse of personal data.
The Psychology of Fraud: When Trust Becomes a Weapon
“Cybercrime is no longer about coding; it’s about psychology,” said Wig.
“Fraudsters exploit two human emotions — trust and urgency. When a user sees a government emblem and feels a task must be done immediately, caution disappears. One careless ‘Allow’ click can compromise an entire identity.”
He added that the real challenge isn’t just technology — it’s the mindset of digital complacency among users.
Five Golden Rules of Cyber Safety: Your Digital Armor
1. Download only verified government apps or links.
2. Always check the developer’s name and app reviews.
3. Never install apps from forwarded or unknown APK files.
4. Keep your phone’s software updated and run regular antivirus scans.
5. Report suspicious apps immediately at cybercrime.gov.in.
Next Steps: Government Plans Strict App Store Scrutiny
Sources indicate that the government will soon launch a joint audit with Google and Apple to identify and remove counterfeit apps impersonating official digital platforms.
The aim is to strengthen digital trust infrastructure and prevent fake apps from entering the Indian app ecosystem.
“Digital safety isn’t only the government’s duty — it’s every citizen’s responsibility. One careless click can cost your data, your money, and your trust.”
