A fake WhatsApp app gets 1 million downloads on Google Play
Table of contents:
Imagine this situation: you read an article about the new WhatsApp message deletion function like this one. You want that feature, obviously. So you enter the Google Play Store and search for “WhatsApp update” to find that latest version that will give you what you want. You come across an application that has little or nothing to do with the original WhatsApp. Of course, you discover it late because it perfectly imitates the download page of WhatsApp itself in the Google Play Store.You can imagine the rest: abusive, possible theft of sensitive information, etc. etc If you are one of those who think “that doesn't happen to me”, you can check it out with the million people who have fallen for this ruse
A fake but famous app
Every few weeks a new piece of news about the insecurity of the Google Play Store comes to the fore. And it's not that it's insecure per se, it's that every time the occurrences of scammers are finer and more calculated. The last? Clone the WhatsApp download page, as well as its developer name All this to deceive more than a million users. Spoiler alert: the issue has now been fixed.
From Reddit we learned that some very smart developers have discovered the formula to imitate the WhatsApp download page. They copy everything except the name, which in this case was Update WhatsApp MessengerEnough to get less learned users to end up clicking the Install button. At least the trick has been given in English, so it is unlikely that you have fallen for the trick.
"Fake WhatsApp Update on GooglePlay . Under the same>"
- Nikolaos Chrysaidos (@virqdroid) November 3, 2017
Where is the security of Google Play?
The key to all this has nothing to do with the security measures of the Google Play Store. Or at least you have to be clear that the fake application was safe, as far as we know. The key is in the phishing or imitation technique to confuse users. But how could an ordinary developer pretend to be WhatsApp itself? Being very skillful and thanks to the emoticons.
WhatsApp Download Profile Pictures are really easy to copy. After all, they are accessible to everyone in the Google Play Store.You only have to use them when submitting the fake application for it to be published. The really interesting thing comes when copy the name of the developer One of the keys that can tell us if we are dealing with a fake or not.
If we are dealing with two applications that look identical, it is best to pay attention to the name of the developer. This would give us the key to whether WhatsApp Inc, the original developer company, is the creator. Here what the smart developer has done has been to copy the original name but using a emoticon or blank symbol between “WhatsApp” and “Inc” Thus, Technically, it doesn't happen to be the same name, but it does look the same on the download screen.
More than a million affected
With all this the fake version of the application, which obviously does not offer any WhatsApp service, has collected more than a billion downloads.But it can also bragging about having outsmarted Google in its copycat antics It must be a safe app to be on the Google Play Store, but it may have made a profit thanks to abuse and other techniques thanks to the name of WhatsApp. And, of course, thanks to the ignorance of the users.
The problem is now resolved. And it seems that changing images and names in the Google Play Store is a quick and uncomplicated process. Now the fake application is still there, but with a different name and a different look Of course you have to avoid installing it, like any unofficial application, despite being safe.
It is clear, then, that despite the security barriers, in the end it is the user himself who has to protect himself Of course These cases make us think very hard about each step we take in the application stores.And it seems that looking at the name of the developer and attending to the comments of other users may not be enough.
