Are you using a fake WhatsApp app?

Fake WhatsApp

With the plethora of apps available in the Google Play Store, we often take for granted that whatever we download is genuine. That was not the case for over one million Android users, though. A fake version of WhatsApp was floating about in the store, and many mistakenly downloaded it to their phones.

According to The Register, Reddit users spotted the fake yesterday, 3 November, and it looked deceptively like the real thing: everything from the logo and product page down to the publisher name “WhatsApp Inc.” matched. It was, however, labelled “Update WhatsApp Messenger.”

It passed Google’s Play Protect, so it must be legit, right?

Will the Real WhatsApp please stand up? | Pic cred: The Register

Reddit user DexterGenius reported that the app itself has minimal permissions, but it’s really an ad-loaded wrapper that has some code to download a second apk file, called “whatsapp.apk.” He revealed that the app tries to hide itself by not having a title and sporting a blank icon. DexterGenius had earlier installed the app and decompiled it.

He also posted screenshots of the app and several pop-up ads:

Pic cred: @DexterGenius

The app appears to be developed by WhatsApp Inc. However, it was discovered that the publisher name had a hidden space at the end, which allowed the fake version to masquerade as a genuine WhatsApp Inc. product. The hidden space consists of two bytes, 0xC2 0xA0, which form an invisible space. Sneaky.
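The trailing bytes 0xC2 0xA0 are the UTF-8 encoding of U+00A0 NO-BREAK SPACE, which is why the two publisher names look the same but are different strings. The following check is an added example, not code from the article, the Reddit thread or Play Protect; the function names and sample strings are constructed for illustration. It reports invisible characters in a publisher name and flags a name that only looks identical to a trusted one, and it generalises beyond U+00A0 to other separators, zero-width and control characters.

```python
import unicodedata

# Constructed samples: the genuine publisher string and the look-alike
# described above, which ends in the bytes 0xC2 0xA0.
GENUINE = "WhatsApp Inc."
LOOKALIKE = b"WhatsApp Inc.\xc2\xa0".decode("utf-8")

# Unicode general categories that render as blank or as nothing at all:
# Zs/Zl/Zp = separators, Cf = format chars (zero-width etc.), Cc = controls.
HIDDEN_CATEGORIES = {"Zs", "Zl", "Zp", "Cf", "Cc"}


def hidden_characters(name):
    """Return (index, code point, Unicode name, UTF-8 hex) for every
    invisible character in name other than a plain ASCII space."""
    found = []
    for i, ch in enumerate(name):
        if ch != " " and unicodedata.category(ch) in HIDDEN_CATEGORIES:
            found.append((i, f"U+{ord(ch):04X}",
                          unicodedata.name(ch, "UNNAMED"),
                          ch.encode("utf-8").hex(" ")))
    return found


def skeleton(name):
    """Reduce a name to what a person sees: NFKC-fold compatibility
    characters, drop invisible ones, collapse whitespace, casefold."""
    folded = unicodedata.normalize("NFKC", name)
    visible = "".join(c for c in folded
                      if c == " " or unicodedata.category(c) not in HIDDEN_CATEGORIES)
    return " ".join(visible.split()).casefold()


def classify(candidate, trusted=GENUINE):
    """'exact' if identical to the trusted name, 'impersonation' if it
    only looks identical, 'different' otherwise."""
    if candidate == trusted:
        return "exact"
    if skeleton(candidate) == skeleton(trusted):
        return "impersonation"
    return "different"


if __name__ == "__main__":
    for name in (GENUINE, LOOKALIKE, "Some Other Dev"):
        print(repr(name), classify(name), hidden_characters(name))
```
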

Google’s comprehensive security system Play Protect clearly failed to identify the fake app and developer. Play Protect supposedly vets every app developer in Google Play, and apps undergo rigorous security testing before they appear in the Play Store. On its product page, Google says “50 billion apps scanned day makes life a little easier.”


Google purportedly uses machine learning to spot bad apps. According to Google’s 2016 Android security report, about 50 bad apps let Android malware rack up to 4.2 million downloads. These downloads enabled fraudsters to make money by secretly sending premium-rate SMSes and subscribing users to paid online services without their knowledge.

How’s this even allowed, Google?

What you can do

If you’ve fallen victim to one of these fake apps, uninstall it immediately. Also ensure you only download from the Google Play Store, and not from unknown sources or links from outside of the official store. Yes, as demonstrated, some fake/malicious apps still escape, which makes it even more crucial that you look at the details before downloading any apps.

Do pay attention to the app name, developer, rating and reviews/comments.

Installing a mobile security app like F-Secure, Sophos, Norton, Trend Micro and others will give you added protection and security.

Via The Register
