Google removed the potentially malicious app from Google Play shortly after it was spotted
More than a million people have downloaded a fake version of WhatsApp onto their Android devices before Google could block the app and remove it from the Google Play store.
The Update WhatsApp Messenger App appeared in Google’s official Android application marketplace and was labeled as being made by WhatsApp Inc – the maker of the genuine free messaging app. However, the developer had actually used a special character rather than a regular space to overcome name duplication issues.
It’s not clear what the developers behind the fake app wished to do, nor whether it managed to steal any data from devices (or install malware), but this didn’t stop Reddit users complaining about Google allowing the fake app into Google Play in the first place.
Those who had downloaded the app reported it contained adverts, which could contain malicious code, reported the BBC. What amazed Reddit members was that it was listed with a “Play Protect” icon, which was developed by Google to protect users against any damage caused by malicious apps.
One savvy user even unpackaged the file to see what was contained in the app, reporting: “The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called “whatsapp.apk”. The app also tries to hide itself by not having a title and having a blank icon. This is how it looks like in the Settings – Apps screen: https://i.imgur.com/y9qAxbV.png.”
Both Google and WhatsApp reassured users that anyone downloading an update to the real messaging platform would not have been affected by the fake app and they can continue using the genuine application as normal.
Main image credit: cyberhades on Flickr. Used under Creative Commons license.
This article originally appeared at itpro.co.uk