Imagine this situation: you read an article about the new message erase feature of WhatsApp like this one. You want that function, obviously. So you enter the Google Play Store and search for “WhatsApp update” to find that latest version that will give you what you want. You run into an application that has little or nothing to do with the original WhatsApp. Of course, you discover it late because it imitates perfectly the download page of WhatsApp itself in the Google Play Store. The rest you can imagine abusive advertising, possible theft of sensitive information, etc. etc. If you are one of those who thinks “that does not happen to me”, you can consult it with the million people who have fallen for this trick.
A fake but famous application
Every few weeks a new piece of news about the insecurity of the Google Play Store comes to the fore. And it’s not that I’m insecure per se, it’s that every time the scam artists’ occurrences are finer and calculated. The last? Clone the WhatsApp download page, as well as your developer name. All this to deceive more than one million users. Spoiler alert: the problem has already been solved.
From Reddit, we learned that some very clever developers have discovered the formula to imitate the download page of WhatsApp. They copy everything except the name, which in this case was Update WhatsApp Messenger. Enough to get less educated users to click on the Install button. At least the trick has been given in English, so it is unlikely that you have fallen for the deception.
Fake WhatsApp Update on #GooglePlay . Under the “same” dev name. Incl. a Unicode whitespace. One Million downloadshttps://t.co/qjqxd6n6HP pic.twitter.com/dmvTksqpuP
— Nikolaos Chrysaidos (@virqdroid) November 3, 2017
Where is the security of Google Play?
The key to all this has nothing to do with the security measures of the Google Play Store. Or at least you have to be clear that the false application was safe, as far as we know. The key is in phishing or imitation technique to confuse users. But how could a developer on foot simulate being the WhatsApp itself? Being very skillful and thanks to the emoticons.
The images in the WhatsApp download profile are really easy to copy. At the end of the day, they are accessible to everyone in the Google Play Store. You just have to use them when submitting the fake application to be published. What’s really interesting comes when it comes to copying the developer’s name. One of the keys that can tell us if we are facing a fake or not.
If we are facing two applications of identical appearance, it is best to attend to the name of the developer. This would give us the key to whether WhatsApp Inc, the original developer, is the creator. Here the smart developer what he has done has been to copy the original name but using a smiley or blank symbol between “WhatsApp” and “Inc”. So, technically, it does not turn out to be the same name, but it does look the same on the download screen.
More than a million affected
With all this, the fake version of the application, which obviously does not offer any WhatsApp service, has collected more than one billion downloads. But it can also boast of having mocked Google in its imitation adventures. It must be a secure application to be in the Google Play Store, but it may have generated benefits thanks to abusive advertising and other techniques thanks to the name of WhatsApp. And, of course, thanks to the ignorance of the users.
The problem is already solved. And, apparently, changing images and name in Google Play Store is a quick and hassle-free process. Now the fake application is still there, but with another name and another different aspect. Of course, ou has to avoid installing it, like any unofficial application, despite being secure.
It is clear, then, that despite the security barriers, in the end it is the user who has to protect himself. Of course, these cases make us think very much every step we take in the app stores. And it seems that looking at the name of the developer and respond to the comments of other users may not be enough.