There are a large number of counterfeit Binance APPs on third-party markets and APK forums. This article provides complete identification. Download access: Binance website, mobile Binance official app, if you don't have the App on iOS, see the iOS installation guide.
I. Three Steps for Identification
| Step | Check |
|---|---|
| 1. Before install | Download source + SHA-256 |
| 2. During install | Package name + signature fingerprint |
| 3. After install | Permission request list |
II. Before Install
Download Source
Only download from the binance.com download page / Play Store (developer Binance Holdings). Any other sources are suspicious.
SHA-256
Calculate the SHA-256 immediately after downloading the APK:
certutil -hashfile binance.apk SHA256
Compare it with the SHA-256 published on the binance.com download page. Install only if they match.
III. During Install
Package Name
The previous article "APK Package Name" has detailed this. com.binance.dev is the only official package name.
Signature Fingerprint
apksigner verify --print-certs binance.apk
The output SHA256 should be consistent with the official signature published on binance.com.
The signature is a more stable mark of authenticity — the SHA-256 changes with the version, but the signature fingerprint remains unchanged for years.
IV. After Install
Application Permissions
Settings → Apps → Binance → Permissions. You should see:
- Camera (scanning QR codes, KYC)
- Notifications (push alerts)
- Storage (exporting spreadsheets / screenshots)
You should NOT see:
- SMS read/write (unless you haven't bound an email for primary 2FA)
- Phone state (no business necessity)
- Accessibility services (the most dangerous)
- Device administrator (remote control)
- Call recording
Any abnormal permissions → uninstall immediately.
UI Details
Counterfeit APPs are mostly browser shells. Comparison points:
- The real APP has a splash screen + loading animation on startup
- The fake APP occasionally flashes the URL bar at the top after startup
- The real APP has complete settings options
- Some settings in the fake APP are unresponsive when clicked
Traffic Monitoring
Tools like GlassWire / NetGuard can view the domains the APP connects to. The real APP only connects to binance.com subdomains. A fake APP will connect to unknown domains.
V. Features of Clone Sites
Counterfeits are not just APPs, but also websites that "look like binance.com". Identification:
URL
The main domain is not binance.com.
HTTPS Certificate
The issued subject is not Binance Holdings.
Login
After logging into the real binance.com, the address bar jumps to accounts.binance.com. Fake sites will not jump.
Registration
Registration on the real site costs no money and requires no upfront KYC. Fake sites often ask for an "activation fee".
VI. Fake "Binance Official" on Telegram / X
Features of Fake Accounts
- No blue verification checkmark
- Hundreds of thousands of followers but posts are inconsistent with the official style
- Often promoting "VIP groups" and "Airdrop events"
Real Accounts
- @binance (X / Twitter, blue checkmark)
- @BinanceExchange (Telegram, verified)
- All social media accounts linked at the bottom of the official website
VII. Emergency Response for Accidental Installation
If you installed a counterfeit APP:
- Uninstall it immediately
- Check the assets / history of all your Binance accounts
- Change password + reset 2FA + delete API keys
- Run an antivirus scan
- Flash the device if necessary
See the account theft emergency response flow for details.
VIII. Long-Term Defense
1. Pin to Browser Bookmarks
Bookmark binance.com, and always enter from the bookmark.
2. Lock APP Icon to Home Screen
On iPhone, drag Binance to the Dock or home screen to keep it permanently.
3. Do Not Click Search Engine Ads
The first search result for Binance is almost always a paid ad or a fake site.
4. Teach Family Members
Financial account risks in a family are usually breached from the weakest link. Family members should all know how to identify them.
FAQ
Q1: How long does it take for fake APPs to be discovered and removed? It depends on the market. Usually 1-2 weeks for the Play Store; third-party markets may never take them down.
Q2: Is clearing the cache enough after installing a fake APP? No. You must do all three steps: uninstall + antivirus scan + change password.
Q3: Are the icons used by fake APPs infringing copyright? Yes. Binance continues to defend its rights, but cannot keep up with the speed of counterfeiting.
Q4: Can I download "Open Source Binance" from GitHub? The Binance APP is not open-source. The "binance" repositories on GitHub are all unofficial experimental projects and are not Binance trading clients.
Extended Reading
- What is the package name of the Binance APK? Why verifying the package name is more reliable than looking at the icon
- How to verify the authenticity of the Binance Android APK? Check the signature before logging in after downloading
- Are the "Binance" apps on third-party application markets real? A case-by-case review