A trap is dynamically created in a computing device to detect a malicious application. The trap may be a fake e-mail address created in response to detecting running of an application in the computing device. The fake e-mail address includes a local-part that identifies the application and identifies the mobile computing device (e.g., by user identifier). A backend system receives e-mails that are addressed to fake e-mail addresses. The backend system parses a recipient address of a received e-mail to identify an application associated with the e-mail and the computing device where the fake e-mail address was generated. The backend system informs a user of the computing device of a data leakage occurring in the computing device and the application that may be responsible for the data leakage.