DigiLocker fraud on Google Play Store: How scammers are stealing money & how you can avoid it

The Indian government has put out an urgent warning about fake DigiLocker apps that are being used to scam Indian consumers and fraudsters are taking advantage of sensitive customer information.

In a X post dated December 1, 2025, the government stated: “There is only one genuine DigiLocker app, and it is issued by the National e-Governance Division, Government of India. Avoid apps with similar icons or generic developer names. Always double-check before downloading, and share this information to help others stay safe.”

x.com/_DigitalIndia/status/1995485535377465536?s=20

What did the government say?

The Ministry of Electronics and Information Technology in a banner posted on X said: “There’s an unauthorized counterfeit “Digital Locker”app on the Google Play Store, and users have been financially scammed.”

The government said users should look for the developer who published this app before downloading it. The real DigiLocker app is from “National e-Governance Division, Government of India.”

The government said in the banner: “Avoid any app that looks similar to or has a generic-sounding developer name. Your documents and money are at risk.”

How does this kind of fraud occur? Is this a psychological trick?

According to Tarun Wig, Co-Founder & CEO, Innefu Labs, fake DigiLocker apps exploit a combination of visual impersonation and psychological manipulation.

Wig says: “Attackers replicate official logos, colours, and interface designs to create a sense of legitimacy. Once the user feels they are interacting with a trusted government app, they are more likely to grant more permissions or enter sensitive information.”

According to Wig this is a classic case of digital social engineering, cyber criminals exploit two key vulnerabilities, trust and urgency, to lower the user’s guard.

Wig says: “Once installed, these apps can misuse personal identity details, financial information, and even access stored documents.”

How can consumers stay safe from such frauds?

Wig suggests that you can take the following steps to protect yourself from this scam:

• Verify the developer’s name: The only legitimate DigiLocker app is published by the National e-Governance Division, Government of India. Avoid clicking on any forwarded links.
• Check app permissions and reviews: Excessive permission requests or negative app store feedback are clear warning signs.
• Additionally, users must remain cautious about forwarded APK links or lookalike apps with similar names.

Wig says: “As digital adoption grows, cybercriminals increasingly target trust-based platforms. Staying vigilant and relying only on official sources is the strongest defence.”

The official website of DigiLocker is: digilocker.gov.in/ You can use DigiLocker on the web also.