With the plethora of apps available in the Google Play Store, we often take for granted that whatever we download is genuine. That was not the case for over one million Android users. A fake version of WhatsApp was floating about in the store, and many mistakenly downloaded it to their phones.
According to The Register, Reddit users spotted the fake yesterday, 3 November, and it looked deceptively like the real thing: everything from the logo and product page down to the publisher name “WhatsApp Inc.” matched. It is, however, labelled “Update WhatsApp Messenger.”
It passed Google’s Play Protect, so it must be legit, right?
Reddit user DexterGenius, who had installed the app and decompiled it, reported that the app itself requests minimal permissions, but that it is really an ad-loaded wrapper containing code to download a second APK file, called “whatsapp.apk.” He revealed that the app tries to hide itself by having no title and a blank icon.
He also posted screenshots of the app and several pop-up ads:
The app appears to be published by WhatsApp Inc; however, it was discovered that the developer name had a hidden character at the end, which allowed the fake listing to masquerade as a genuine WhatsApp Inc product. That character is two bytes, 0xC2 0xA0, forming an invisible space. Sneaky.
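As an added example (not from the article or from the Reddit analysis), the Python below shows why the trailing bytes defeat an eyeball check and how a metadata check can catch this class of lookalike: it decodes the two bytes, names the hidden code point, and compares the displayed name with the genuine one after Unicode normalisation. The developer string is constructed from the article's description (0xC2 0xA0 is the UTF-8 encoding of U+00A0, the no-break space); the function names are my own.

```python
import unicodedata
from typing import List, Tuple

# Constructed from the article: visible text followed by bytes 0xC2 0xA0.
FAKE_DEVELOPER_BYTES = b"WhatsApp Inc." + b"\xc2\xa0"
GENUINE_DEVELOPER = "WhatsApp Inc."


def suspicious_code_points(name: str) -> List[Tuple[int, str, str, str]]:
    """List every character that is not plain printable ASCII as
    (index, U+XXXX, Unicode name, general category). An invisible
    no-break space or zero-width character shows up here even though
    it renders as nothing on a store listing."""
    found = []
    for i, ch in enumerate(name):
        if 0x20 <= ord(ch) <= 0x7E:
            continue  # printable ASCII, nothing to flag
        found.append((i, f"U+{ord(ch):04X}",
                      unicodedata.name(ch, "<unnamed>"),
                      unicodedata.category(ch)))
    return found


def canonical(name: str) -> str:
    """Fold a displayed name to a comparable form: NFKC maps U+00A0 to a
    normal space (and fullwidth letters to ASCII), format characters such
    as zero-width spaces (category Cf) are dropped, whitespace collapsed."""
    folded = unicodedata.normalize("NFKC", name)
    folded = "".join(ch for ch in folded if unicodedata.category(ch) != "Cf")
    return " ".join(folded.split())


def impersonates(displayed: str, genuine: str) -> bool:
    """True when a name is not byte-identical to the genuine publisher name
    but collapses to it once invisible/compatibility characters are removed."""
    return displayed != genuine and canonical(displayed) == canonical(genuine)


if __name__ == "__main__":
    shown = FAKE_DEVELOPER_BYTES.decode("utf-8")
    print(repr(shown), suspicious_code_points(shown))
    print("impersonates genuine publisher:", impersonates(shown, GENUINE_DEVELOPER))
```

The same check generalises beyond the trailing space in this case: a zero-width space inserted mid-name, or fullwidth letters, are caught by the same normalisation.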
Google’s comprehensive security system, Play Protect, clearly failed to identify the fake app and developer. Play Protect supposedly vets every app developer in Google Play, and apps undergo rigorous security testing before they appear in the Play Store. On its product page, Google says “50 billion apps scanned day makes life a little easier.”
Google purportedly uses machine learning to spot bad apps. According to Google’s 2016 Android security report, about 50 bad apps let Android malware rack up 4.2 million downloads. These downloads enabled fraudsters to make money by secretly sending premium-rate SMSes and subscribing users to paid online services without their knowledge.
What you can do
If you’ve fallen victim to one of these fake apps, uninstall it immediately. Also ensure you only download from the Google Play Store, and not from unknown sources or from links outside the official store. Yes, as demonstrated, some fake or malicious apps still slip through, which makes it even more crucial that you look at the details before downloading any app.
Do pay attention to the app name, developer, rating and reviews/comments.
Via The Register