Tuesday 8 April 2014

Virus Shield, a virus to your money | Top Android Paid app a Scam


Before it was flagged and removed, one of the most successful apps on Google Play for over a week was an "antivirus" app that did nothing other than change an image.

Buying on the Google Play store is something that everyone does... and yes, we do it if it's one of the top apps in the Google Play store. Everyone wants new fancy apps to flaunt. But here's how you can be tricked! VIRUS SHIELD's developer can be compared to Mr Ocean! :D

Most mobile-minded hackers use third-party app stores and repackaged apps to make money via bogus ad views or to turn your handset into a virtual currency mining rig, but one recent developer took a completely different approach to game the system.
An app called Virus Shield hit the Google Play Store a little over a week ago. It promised to prevent harmful apps from being installed on your device and could scan apps, settings, files and media in real-time – all with a low impact on battery life and zero advertisements.
With a simple user interface and one-touch virus protection, it climbed the ranks and became the #1 new paid app with more than 10,000 downloads and a 4.7-star rating despite its $3.99 price tag. "Virus Shield" claimed that it protected Android smartphone users from viruses, malware and spyware, and that it even improved the speed of phones. It touted its minimal impact on battery life and its additional functionality as an ad blocker.
Thanks to the impressive reporting of Michael Crider over at Android Police, we now know the app doesn’t protect your device. And no, I don’t mean that it sucks at its job – it flat out doesn’t do anything. When “activated” by the user, all it does is change the onscreen icon from an “X” image to a “check” symbol. That’s it.


The publication decompiled the app and even mirrored the Java code on GitHub so you can check it for yourself. And since that time, a number of Google+ users have also confirmed its bogus nature.
Those 10,000 people even seemed to enjoy "Virus Shield," as the app maintained a 4.7-star rating from about 1,700 users. Another 2,607 users recommended it on the Google Play store, helping “Virus Shield” get ranked as the No. 1 new paid app and third overall top paid app.  

Google has since pulled the app from the Play Store but the damage has already been done and the fraudster likely made quite a bit of money in the process. But more worrisome is the fact that it highlights just how easy it is to get a bogus app into Google’s official marketplace in the first place.
No developer was listed on the Google Play Store, but the email address was matched to an account that had been banned from forums for trying to scam people. Critics of the site's security flaws say that the customizable nature of the Android operating system and Google’s open app store, by design a rejection of the closed-system philosophy that defines Apple’s mobile ecosystem, allow this kind of scam to happen.
The rules governing how Apple decides which apps are suitable for the iTunes store are notoriously strict, and every app must be approved by Apple before it's available for download. Some critics complain that Apple's guidelines are too strict or restrict free speech, but many Apple users are quick to say they prefer the security and safety advantages of iOS' so-called “walled garden” philosophy, and now they have a valid point: It’s doubtful something like "Virus Shield" would even make it into the iTunes Store, let alone become its top mobile app.
Android users may prefer an open information ecosystem to Apple’s walled garden, but this whole "Virus Shield" incident makes it pretty clear that something has to change. An app this obviously fake shouldn’t have been allowed to scam thousands of people and be featured as a “top app” before it caught Google’s attention. Google doesn't police its app store, but it does offer a way for customers to complain about inappropriate or sketchy programs.
Just about anyone can sell an app through the Google Play store with very little interference from Google. While many Android users and developers prefer this open-source platform to Apple's tightly controlled App Store, others have found that it's all too easy to scam Google Play patrons by uploading a fake app, purchasing the app a few times, writing some good reviews, then watching users fall prey to the "everyone else is downloading this, so it must be good" groupthink.
In March, two apps on the Google Play store were found to be mining cell phones for dogecoin and litecoin (cryptocurrencies similar to bitcoin) without telling users, according to a TrendLabs report. "Mining" a victim's wallet -- not to be confused with the perfectly legal act of mining cryptocurrencies -- is a complicated process that sends coins to a "mining pool" to be copied before being transferred straight to the cybercriminal's wallet several times.
