Fake WhatsApp app downloaded over a million times before Google removes it from Play Store

By Digit NewsDesk | Updated 7 Nov 2017
Fake WhatsApp app downloaded over a million times before Google removes it from Play Store
  • Over 1 million people downloaded a fake version of the WhatsApp app that ran the actual app plastered with ads. The app has been pulled down by Google from Play Store raising questions on effectiveness of Play Protect.

A fake version of popular messaging app WhatsApp has been found on Google Play Store. The app named "Update WhatsApp Messenger" has been downloaded over one million times, indicating the number of users who have fallen prey to the fake app.

advertisements

The listing for the app on Play Store shows the developer name as 'WhatsApp Inc" same as the company behind the actual WhatsApp app. As explained by The Hacker News, the people behind this fake WhatsApp app used a Unicode trick to make the title of developer looks as authentic as the company behind real WhatsApp app. The developers of the fake app added an invisible character space in the actual company name "WhatsApp+Inc%C2%A0" to make it appear like authentic application.

Source: The Hacker News

A Redditor named DexterGenius spotted the fake app and decompiled it to understand the rogue behaviour. The thread notes that installing the app doesn't ring any alarm bells and it runs the real Android app overlaid with advertisements. "The app itself has minimal permissions (internet access) but it's basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.' The app also tries to hide itself by not having a title and having a blank icon," DexterGenius wrote in the post.

advertisements

The fake app has been declared as an adware and removed from the Play Store since it was spotted by Redditors. Google has been streamlining its process to certify apps and recently took down a lot of apps found to be spyware or adware. It also announced a bug bounty program to make Android apps more secure. However, the surprising part is that Google Play Protect aimed to warn users of malicious apps could not detect the foul behaviour.

Google told The Register that it "is looking into the matter" of fake WhatsApp app being distributed via Play Store. The company must probably introduce more stringent norms to test and certify apps before developers distribute them on Play Store.

advertisements
Digit NewsDesk
The guy who answered the question 'What are you doing?' with 'Nothing'.
advertisements
ASK DIGIT

Recent Questions

Purchasing apps from google play store in india
Anil Kumar
Aug 20, 2014
Responses 5
Ravi Arvind Rathod
Aug 21, 2014
Anil Kumar
Aug 21, 2014
Hemant Pathak
Aug 22, 2014
Digit User
Aug 23, 2014
Jyoti Prakash
Aug 24, 2014
Comments
Be the first one to post the comment
Post a New Comment
You must be signed in to post a comment
advertisements