Date:06/11/17
A fake WhatsApp listing on the Google Play Store drew over one million installations from Android users before Google removed the app from the store. Google also suspended the developer for violating Google's policies. Luckily for those who did install the app, the only thing it did was push ads for other apps. Reddit users blew the whistle on the app yesterday as Google apparently didn't spot the fake. The spoof used the name "Update WhatsApp," and included the WhatsApp logo to make it appear as though the phony was an official update to the very popular messaging app.
Using a Unicode "white space," the developer of the fake was able to make it appear as though WhatsApp Inc. was the developer, copying the developer title used on the real WhatsApp app. Google does not allow apps that impersonate a title or logo. Using the Unicode white space tricked Google's computerized security into thinking that the developer name was different than the one listed on the legitimate WhatsApp app. The public, however, couldn't see the Unicode symbol (the developer name on the fake was really listed as WhatsApp+Inc%C2%A0) and was thus fooled into thinking that the spoofed listing was created by the exact same developers responsible for the legitimate Google Play Store listing.
While the intent of the fake app was to create revenue for the developer by posting ads, the same tactic could have been used to steal personal data from the more than one million people who signed up for the app. Nikolaos Chrysaidos, a security researcher at anti-virus company Avast, says that this kind of spoofing has been done many times before. He mentioned a fake Facebook that was downloaded ten million times. Google continues to try and rid the Play Store of such fake apps.
Fake WhatsApp listing draws over one million downloads from the Google Play Store
A fake WhatsApp listing on the Google Play Store drew over one million installations from Android users before Google removed the app from the store. Google also suspended the developer for violating Google's policies. Luckily for those who did install the app, the only thing it did was push ads for other apps. Reddit users blew the whistle on the app yesterday as Google apparently didn't spot the fake. The spoof used the name "Update WhatsApp," and included the WhatsApp logo to make it appear as though the phony was an official update to the very popular messaging app.Using a Unicode "white space," the developer of the fake was able to make it appear as though WhatsApp Inc. was the developer, copying the developer title used on the real WhatsApp app. Google does not allow apps that impersonate a title or logo. Using the Unicode white space tricked Google's computerized security into thinking that the developer name was different than the one listed on the legitimate WhatsApp app. The public, however, couldn't see the Unicode symbol (the developer name on the fake was really listed as WhatsApp+Inc%C2%A0) and was thus fooled into thinking that the spoofed listing was created by the exact same developers responsible for the legitimate Google Play Store listing.
While the intent of the fake app was to create revenue for the developer by posting ads, the same tactic could have been used to steal personal data from the more than one million people who signed up for the app. Nikolaos Chrysaidos, a security researcher at anti-virus company Avast, says that this kind of spoofing has been done many times before. He mentioned a fake Facebook that was downloaded ten million times. Google continues to try and rid the Play Store of such fake apps.
Views: 279
©ictnews.az. All rights reserved.
Similar news
- Azerbaijani project to monitor disease via mobile phones
- Innovative educational system to be improved under presidential decree
- NTRC prolongs license of two TV and radio organizations for 6 years
- Azerbaijan establishes e-registry for medicines
- Azerbaijani museum introduces e-guide
- Nar Mobile opens “Nar Dunyasi” sales and service center in Siyazan city
- International conference on custom electronic services held in Baku
- OIC secretary general to attend COMSTECH meeting in Baku
- Azerbaijan develops earthquake warning system
- New law to regulate transition to digital broadcasting in Azerbaijan
- Azerbaijani State Social Protection Fund introduces electronic digital signature
- Intellectual traffic management system in Baku to be commissioned in December
- Tax Ministry of Azerbaijan started receiving video-addresses
- World Bank recommends Azerbaijan to speed up e-service introduction in real estate
- Azerbaijan to shift to electronic registration of real estate
