Fake WhatsApp app downloaded over a million times before Google removes it from Play Store

By Digit NewsDesk | Published on 06 Nov 2017

Over 1 million people downloaded a fake version of the WhatsApp app that ran the actual app plastered with ads. The app has been pulled down by Google from Play Store raising questions on effectiveness of Play Protect.

Fake WhatsApp app downloaded over a million times before Google removes it from Play Store

Vostro 3501

Popular tech to stay connected anywhere. Save more on exciting Dell PCs.

Click here to know more


A fake version of popular messaging app WhatsApp has been found on Google Play Store. The app named "Update WhatsApp Messenger" has been downloaded over one million times, indicating the number of users who have fallen prey to the fake app.

The listing for the app on Play Store shows the developer name as 'WhatsApp Inc" same as the company behind the actual WhatsApp app. As explained by The Hacker News, the people behind this fake WhatsApp app used a Unicode trick to make the title of developer looks as authentic as the company behind real WhatsApp app. The developers of the fake app added an invisible character space in the actual company name "WhatsApp+Inc%C2%A0" to make it appear like authentic application.

Source: The Hacker News

A Redditor named DexterGenius spotted the fake app and decompiled it to understand the rogue behaviour. The thread notes that installing the app doesn't ring any alarm bells and it runs the real Android app overlaid with advertisements. "The app itself has minimal permissions (internet access) but it's basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk.' The app also tries to hide itself by not having a title and having a blank icon," DexterGenius wrote in the post.

The fake app has been declared as an adware and removed from the Play Store since it was spotted by Redditors. Google has been streamlining its process to certify apps and recently took down a lot of apps found to be spyware or adware. It also announced a bug bounty program to make Android apps more secure. However, the surprising part is that Google Play Protect aimed to warn users of malicious apps could not detect the foul behaviour.

Google told The Register that it "is looking into the matter" of fake WhatsApp app being distributed via Play Store. The company must probably introduce more stringent norms to test and certify apps before developers distribute them on Play Store.

Digit NewsDesk

The guy who answered the question 'What are you doing?' with 'Nothing'.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status