Fake WhatsApp

With the plethora of apps available in the Google Play Store, we often take for granted that whatever we download is genuine. Not the case for over one million Android users though. There was a fake version of WhatsApp floating about in the store, and many mistakenly downloaded to their phones.

According to The Register, Reddit users spotted the fake yesterday, 3 November, and it looked deceivingly like the real thing. Everything from the logo, product page, down to the publisher name “WhatsApp Inc.” It’s however, labelled “Update WhatsApp Messenger.”

It passed Google’s Play Protect so it must be legit right?

Fake WhatsApp
Will the Real WhatsApp please stand up? | Pic cred: The Register

Reddit user DexterGenius reported that the app itself has minimal permissions, but it’s really an ad-loaded wrapper that has some code to download a second apk file, called “whatsapp.apk.” He revealed that the app tries to hide itself by not having a title and sporting a blank icon. DexterGenius had earlier installed the app and decompiled it.

He also posted screenshots of the app and several pop up ads:

Fake WhatsApp
Pic cred: @DexterGenius

The app appears to be developed by WhatsApp Inc, however it was discovered that it had a hidden space at the end to allow the fake version to masquerade as a genuine WhatsApp Inc product. It contains two bytes: 0xC2 0xA0, forming an invisible space. Sneaky.

READ ALSO  [Review] Sony Xperia T2 Ultra: LTE phablet on a budget

Google’s comprehensive security system Play Protect clearly failed to identify the fake app and developer. Play Protect supposedly vets every app developer in Google Play, and apps undergo rigorous security testing before they appear in the Play Store. In its product page, Google says “50 billion apps scanned day makes life a little easier.”

Google purportedly uses machine learning to spot bad app. According to Google’s 2016 Android security report, about 50 bad apps let Android malware rack up to 4.2 million downloads. These downloads enabled fraudsters to make money by secretly sending premium-rate SMSes and subscribing users to paid online services unknowingly.

Fake WhatsApp
How’s this even allowed, Google?

What you can do

If you’ve fallen victim to one of these fake apps, uninstall it immediately. Also ensure you only download from the Google Play Store, and not from unknown sources or links from outside of the official store. Yes, as demonstrated, some fake/malicious apps still escape, which makes it even more crucial that you look at the details before downloading any apps.

Do pay attention to the app name, developer, rating and reviews/comments.

Installing a mobile security app like F-Secure, Sophos, Norton, Trend Micro and others will give you added protection and security.

Via The Register

READ ALSO  Maxis A.I. Network all set for 5G
  • Show Comments

Your email address will not be published. Required fields are marked *

comment *

  • name *

  • email *

  • website *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You May Also Like

BlackBerry KEYone

BlackBerry KEYOne sneaks into Malaysian retail channels

The BlackBerry KEYOne is significant in a couple of ways. Firstly, BlackBerry isn’t dead. The ...

ASUS ZenFone 4 Selfie Pro

Pre-order the new ASUS ZenFone 4 family starting 17 August

ASUS has unveiled its new Zenfone 4 range in Taiwan, and the good news ...

Alcatel OneTouch Idol X+ launch

Alcatel OneTouch Idol X+ brings true octa-core performance to Malaysians

Alcatel OneTouch unveiled its most powerful new device to date – the Idol X+, ...