To all the nomophobians i.e. smartphone addicts out there, beware of the various hoaxes, fake news,spam, malware and fake apps, as the latest one to join the list is a fake Android app which was disguised as an update to the popular WhatsApp messaging service and downloaded more than a million times from the Google Play Store.
Termed as “Update WhatsApp Messenger” and developed by “WhatsApp Inc.”, the app looked quite similar to the original and official one. It was changed to a different name and then deleted altogether, according to the Reddit user who had first identified the case.He regarded that they had also placed the official WhatsApp logo and also had a high user rating of 4.2 stars, to make it look more convincing.
— Nikolaos Chrysaidos (@virqdroid) November 3, 2017
Yes, the good news now is that it had been removed from the Play Store. So, all applaud to the mastermind behind this hoaxing of the app, in which he/she has been quite successful to design it with great ease and perfection and managed to make it look as though its developer was “WhatsApp Inc”.
Tracing back to 2013, security firm Eleven Paths had already issued a warning about a fake WhatsApp that contained adware i.e. a software that draws views and clicks for ads, thereby making developers pushing the advertisements money. The security researcher of Eleven Paths, Sergio de los Santos had also cleared out that whilst Google has patented tech to improve detection of rogue apps, the fraudsters have found new ways to get their software on the official market, and thereby guarantee better download rates.
The latest trick right now is the usage of blank spaces and Unicode characters to make the developer name and titles to look like the legitimate ones. So for this fake app, an invisible Unicode character space to the end of the name, in computer code reads somewhat like “WhatsApp+Inc%C2%A0”.
Even if the app has now been taken down by Google, but dextersgenius, a Reddit user who downloaded it while it was still available, has described what it did. He regarded that, “The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk”. The app also tries to hide by not having a title and having a blank icon.”
The fact that over a million people have managed to download it before it was taken down is definitely a cause for major concern. Also, with the presence so many updates popping up almost every day, it is quite easy to get perplexed on the part of the user.
Google is supposed to protect Android users by blocking fake and malicious apps from the Play store, and this fake WhatsApp is the manifestation that the company’s security system isn’t foolproof and is faulty.