The internet isn’t exactly the safest place in terms of malware, hackers, and scammers. That’s why staying up to date with the latest software for your device is critical. Not only do these updates add new features to our gadgets, but they also repair and defend against security holes and vulnerabilities that hackers work to exploit.
Staying up to date, however, means regularly checking and downloading updates as they appear. Although companies try their best to make this as quick and painless as possible, the process is not always entirely clear to every user. What’s more, updates are usually manufacturer specific, with each device having a unique method for patching and updating.
With so many variables required to update, it’s no wonder users find themselves confused when new software comes out. That confusion, however, is essential to the business model of a new scam that’s plaguing the Google Play Store. A new app is masquerading as an official update from Samsung — and it’s charging users for software that’s supposed to be free! Learn how this app is tricking ordinary users across the web, and what you can do if you’ve accidentally downloaded this program to your own device.
How is “Updates for Samsung” scamming Android users?
One of the best things about today’s technology products is the fact that they’re often supported by manufacturers throughout their lifetime. That typically translates to extended customer service, tutorials, and most importantly, free software updates.
Nearly every device-maker publishes their updates using notifications in their respective app stores or Settings app, but not everyone finds the process intuitive. Many users will skip entire updates just because they’re not sure how the process is supposed to go — leaving a perfect opportunity for scammers to pounce.
A perfect example of this phenomenon is the “Updates for Samsung” app, which is available for download on the Google Play Store. Billing itself as a repository for Samsung device updates, the app uses deceptive language to trick users into downloading it.
Once installed on a device and opened, the app redirects to an ad-filled website that charges users for device updates that are supposed to be free! The subscription, in case you’re wondering, starts at $34.99 per year for ordinary Samsung firmware updates that should cost exactly zero dollars.
Related: Nasty mobile ad fraud operation caught infecting apps in Google Play
This tactic is a double-edged sword for vulnerable Samsung users. Not only is it tricking people into paying money for services that shouldn’t cost anything, but it’s also forcing ads on people who shouldn’t be seeing them. This, in turn, generates surplus ad revenue for the app makers — helping them to extort more undeserved money from their victims.
The app’s deceptive nature was identified by a malware analyst at CSIS Security Group, a cybersecurity firm that helps to expose emerging threats. The app currently shows more than 10 million installs, and as of the time of this writing, it is still available for download on the Google Play Store.
What can Samsung users do to protect themselves?
As of now, the best defense against this scammy app is to not download it under any circumstance. If you’ve already downloaded it, however, there’s no reason to be alarmed (but feel free to be disappointed or annoyed.)
The updates that the app installs are actually genuine Samsung updates, but the biggest issue is the fact that there’s no reason for anyone to be charging for these pieces of software.
If you’ve already given the app your credit card in order to pay for your “update subscription,” your best course of action would be to delete the app and call your bank to inform them that the monthly recurring charges are the result of a scam. That will prevent you from engaging with the app any further and relieve you of the unnecessary payments.
Related: How to fix Google Play Store problems
As for genuine Samsung updates, they can be easily accessed on your device from the Settings menu by scrolling down to Software Update and following the instructions that appear on that page.
Any and all device manufacturers will use official channels to push their updates, so staying on the beaten path is the best way to make sure nobody is tricking you into unnecessary payments or downloads.
A scary thought: if it was this easy to trick people into downloading non-hostile downloads and paying for it, just imagine how easy it would be for a hacker to trick people into paying for malware! Stay safe out there, folks.