Mobile Security
GearBrain
Fake, advert-filled WhatsApp for Android downloaded over one million times
App even appeared to be produced by WhatsApp Inc.
App even appeared to be produced by WhatsApp Inc.
A fake version of the popular WhatsApp messaging application has been downloaded over one million times from the Google Play Store.
The bogus app, which contained no messaging service but instead pushed out ads and links to download more dubious and fake applications, was called Update WhatsApp Messenger.
The application used the same logos and corporate branding as the real Facebook-owned WhatsApp, and even appeared to have been created by "WhatsApp Inc." On closer inspection, though, the developer name has an invisible space at the end — allowing it through Google's Play Store filters.
The fake version of WhatsApp had been downloaded over one million times , according to its Play Store listing, before Google removed it over by the end of the day November 5. The app claimed to have a 4.2 star rating from over 6,000 users — reviews likely spoofed by Google accounts controlled by the app's creator.
Reddit users, downloading the app out of curiosity, found it full of adverts — similar fake apps, or malicious apps potentially ridden with malware. Once installed, the app attempted to hide itself by having a blank icon and no name.
Fake WhatsApp Update on #GooglePlay . Under the "same" dev name. Incl. a Unicode whitespace. One Million downloadshttps://t.co/qjqxd6n6HP pic.twitter.com/dmvTksqpuP
— Nikolaos Chrysaidos (@virqdroid) November 3, 2017
"I've installed the app and decompiled it," said one Reddit user. "The app itself has minimal permissions (internet access) but it's basically an ad-loaded wrapper which has some code to download a second [application], also called 'whatsapp.apk'".
Fake, and potentially malicious applications, on the Google Play store is nothing new. Fake reviews are also commonplace —appearing in huge numbers below applications of poor quality. GearBrain found an app called Beta Updater, which claims to let WhatsApp users install beta versions before they are more widely released — something which can already be done in WhatsApp's official Play Store listing.
An app called Messenger, which uses an icon similar to that of Facebook's Messenger app, has been downloaded over 10 million times and has a 4.2 star rating. Some of the five-star reviews contain just one word. But there are other reviewers who do note that the app is a rip-off of Facebook's Messenger and full of ads.
This is horrible.. minefield pic.twitter.com/xD9ozJP5P9
— Cristian Vat (@deathy) November 4, 2017
As is common in apps built to look similar to WhatsApp — including one called WhatsUp — the Beta Update app is littered with five-star reviews calling it "good" and "awesome," as well as one-star reviews calling it fake and explaining why it does not work.
Google said it was cracking down on fake Play Store reviews a year ago, but they are still easy to find. We also found how 'WhatsUp Chat Messenger' changes its name to 'The Messenger' when downloaded and installed — removing our trust in the app working correctly.
GearBrain has contacted Google and WhatsApp for comment, and will update this article when we get a reply.
GearBrain Compatibility Find Engine
A pioneering recommendation platform where you can research,
discover, buy, and learn how to connect and optimize smart devices.
Join our community! Ask and answer questions about smart devices and save yours in My Gear.