All Rights Reserved
Be alert: Fake Whatsapp app discovered with over one million downloads
A fake version of the WhatsApp messenger app was discovered on Google Play Store and over a million Android users has been duped into downloading a fake application on Google Play, thanks to a character space.
A sneaky app maker pretended to be the actual WhatsApp service with an app called Update WhatsApp Messenger. But it copped the developer title “WhatsApp Inc.”—the same title the actual Facebook-owned chat messenger uses on Google Play.
The only difference was the app maker added a Unicode character space after the WhatsApp Inc. name. In a computer code the difference is more obvious—it reads WhatsApp+Inc%C2%A0. But to average Android users browsing Google Play, that character space would be easy to miss.
The app, “Update WhatsApp Messenger”, appeared to have been developed by the firm behind the real program – WhatsApp Inc.
It has now been removed from the Play Store.
Whoever was behind the app managed to make it look as though its developer was “WhatsApp Inc”.
Reddit users spotted the problem on Friday. The dummy app was not a chat app, but served users with ads to download other apps. As Motherboard noted, Avast researcher Nikolaos Chrysaidos pointed out that it was downloaded at least 1 million times.
The dummy app’s developer is unknown, but the culprit later changed the name of the app to “Dual Whatsweb Update,” and removed the “WhatsApp Inc.” developer title. It has since been removed from Google Play.
“I can confirm that the app was removed from Google Play and the developer account was suspended for violating our program polices,” a Google spokesperson said Friday.
Fake Android apps are nothing new, and they’re often used to spread malware on mobile phones. But the WhatsApp dummy product incident is worrisome because it doesn’t appear that Google noticed the problem. Google Play rules don’t allow apps to impersonate another brand title or logo. In addition, the company has been using new security measures to prevent malware from entering the platform.
Hackers have used similar tricks, like using Cyrillic alphabet letters in the place of English letters, to create legitimate-looking domain names.
They did this by using that exact name, though replacing the space with a special character that looks like a space.
The subtle difference would have been practically undetectable to the average user.
Users receiving automatic updates via the real WhatsApp would not have been affected.
It is far from the first time that Google has had to clean up fake malicious apps on the Play Store.
In 2015, the firm had to step in and block one program that disguised itself as a battery monitor and sent premium-rate text messages from people’s phones.