We often rely on official app sources like Google Play for Android and the Apple App Store to protect us from malicious apps and fake apps. Official app stores have vetting systems in place that prevent unscrupulous developers from tricking unsuspecting users into installing shady apps.
Although app screening cuts down on the chances a malicious app makes it in, sometimes a sneaky developer finds a way to trick these systems into accepting a questionable app.
Take this fake version of a popular messaging app, for example. Due to a simple sleight of coding hand, it managed to dupe Google Play's verification process, elude Google Play Protect's defenses and was downloaded between 1 million and 5 million times from the official Play store before it was flagged as fraudulent!
Read on and I'll tell you how this fake app managed to trick even the tightest defenses Google Play has in place.
Sneaky WhatsApp clone
WhatsApp is a popular chatting app used by millions of people worldwide, but it has also been the target of many "spoof" apps. Usually, fake versions of WhatsApp can be found in unofficial third-party app stores or straight from the web.
We always warn you about downloading non-Google Play Store apps since there's a good chance your system can get infected with malware if you take this route.
However, this latest WhatsApp clone managed to slip into the official Google Play app store and was actually made available side-by-side with the real WhatsApp application.
The fake app masqueraded as the real WhatsApp service with an app called "Update WhatsApp Messenger."
But how did the nefarious developer manage to do it?
It was a surprisingly clever yet simple trick - the sneaky developers tweaked their developer ID to resemble the real developer's name, in WhatsApp's case, "WhatsApp Inc.," by adding an almost invisible Unicode character space after their ID.
Although the two developer IDs look exactly the same, they're quite different in computer code.
The real WhatsApp developer's URL is this:
And the fake WhatsApp developer's URL appears like this:
Note the extra characters at the end. Yep, it looks like a subtle difference but that's enough to fool even Google Play and apparently, 1 to 5 million Android users.
What's the fake app's endgame?
Upon installation, the fake WhatsApp app concealed its presence on the victim's phone by creating a blank icon so it won't appear on the phone's Apps screen.
The fake app then lurked in the background to do whatever it was designed to do, in this case, generate revenue via advertising.
However, the big danger with fake apps is that its developers can pretty much serve anything they want, from simple ad clicking software to more dangerous malware such as spyware or ransomware.
Thankfully, the fake WhatsApp clone was discovered by Reddit users before it could do further damage. The fake app has since been removed from the Google Play Store and the bogus developer account has been suspended.
If you've installed an "Update WhatsApp Messenger" app recently, please uninstall it immediately.
To review and remove questionable apps, go to Settings >> then Apps or Application Manager. Look through the list and keep an eye out for anything that's odd or unfamiliar.
Tap the questionable app you want to get rid of and this will open up the App Info screen. First, remove the app's data cache by hitting "Clear Cache." Next, delete the app's data by tapping "Clear Data."
Once these steps are done, click on the "Uninstall" button to remove the app.
Don't get scammed by "fake apps"
"Spoof" apps on the Google app store are common. Malicious actors of all types disguise their revenue-generating advertising bots as updates to some of the most popular apps. If you don't know what to look for it can be very easy to get caught up in the scam, and suddenly be bombarded by advertisements because of it.
Spoofing another developer's name is obviously a violation of the Google Play rules but what's troublesome is how this fake app with a disguised developer name made it to the Google Play store in the first place.
It is unusual that a naming glitch, such as this one that was used to fake the developer name, could last for more than a few hours on the Google Play Store.
Most nefarious apps that masquerade as more popular ones use tricks like Cyrillic alphabet characters to create legitimate-looking names. The overwhelming majority of these "fake apps" are taken down very quickly, but stay vigilant just in case.
Can this really stop malicious apps in the Google Play store?
Google is combating the prevalence of "fake apps" on their online store. To learn how you can stop scammers from infiltrating your life, click here.