Fake WhatsApp listing draws over one million downloads from the Google Play Store

A fake WhatsApp listing on the Google Play Store drew over one million installations from Android users before Google removed the app from the store. Google also suspended the developer for violating Google's policies. Luckily for those who did install the app, the only thing it did was push ads for other apps. Reddit users blew the whistle on the app yesterday as Google apparently didn't spot the fake. The spoof used the name "Update WhatsApp," and included the WhatsApp logo to make it appear as though the phony was an official update to the very popular messaging app.

Using a Unicode "white space," the developer of the fake was able to make it appear as though WhatsApp Inc. was the developer, copying the developer title used on the real WhatsApp app. Google does not allow apps that impersonate a title or logo. Using the Unicode white space tricked Google's computerized security into thinking that the developer name was different than the one listed on the legitimate WhatsApp app. The public, however, couldn't see the Unicode symbol (the developer name on the fake was really listed as WhatsApp+Inc%C2%A0) and was thus fooled into thinking that the spoofed listing was created by the exact same developers responsible for the legitimate Google Play Store listing.

While the intent of the fake app was to create revenue for the developer by posting ads, the same tactic could have been used to steal personal data from the more than one million people who signed up for the app. Nikolaos Chrysaidos, a security researcher at anti-virus company Avast, says that this kind of spoofing has been done many times before. He mentioned a fake Facebook that was downloaded ten million times.


Google continues to try and rid the Play Store of such fake apps.  The battle continues.


source: Motherboard via PCMag

FEATURED VIDEO

24 Comments

4. KamranJamshed

Posts: 1; Member since: Nov 03, 2017

Yesterday when my whatsapp was not working, i went to playstore and found these apps....before pressing the install button,,,,i have checked the developer email address and got suspicious and ignored the installation of these apps..............Its sad that people use cheap ways to get attention/money or use shortcuts.............. Life have no shortcut...

5. MasterAlchemist

Posts: 56; Member since: Oct 14, 2017

Ah~~~~ the Beauty of Androidâ„¢

22. tokuzumi

Posts: 1844; Member since: Aug 27, 2009

Go type an I on your keyboard.

8. antonmassoud

Posts: 89; Member since: Oct 22, 2016

I didn't even know it was down

10. mikehunta727 unregistered

Man Google got to stop being lazy and screen every single app that comes into the Play Store.. Every week there is a new report of people getting malware from popular apps from the Play Store/stuff like this Google Play Protect just recently lost out to over 20 other antivirus scanner apps on the Play Store, Play Protect had the lowest malware detection rate out of all of them and Google is a multi billion dollar corporation Step up Google and protect your users and improve the quality of the Play Store because there is indeed lot of trash on the Play Store

16. Peacetoall unregistered

That is certainly true.

23. tokuzumi

Posts: 1844; Member since: Aug 27, 2009

So, someone searching for WhatsApp finds WhatsApp, and an app titled "Update WhatsApp". Anyone who downloaded the Update version has to accept the consequences and chalk this up to a learning experience. I always read reviews/comments and verify the app is the one I want before I download. It's good that Google caught this in a relatively short period of time, but the bulk of the responsibility is on the user to make sure they are downloading what they are expecting.

24. greyarea

Posts: 267; Member since: Aug 14, 2015

wow, from 23 comments down to 7. That's not "some" comments hidden. Little heavy handed no?

* Some comments have been hidden, because they don't meet the discussions rules.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.