The fraudulent developer managed identify themselves as ‘WhatsApp Inc.’ on Google Play, bypassing the company’s filters
A mobile app pretending to be WhatsApp was downloaded more than 1 million times from the official Google Play online shop before Google removed it.
The incident is the latest in which suspect software has made it through the automated filters Google uses to approve items for its Android repository, and is one of the more successful examples.
The app was called “Update WhatsApp Messenger”, and users on Reddit noted that its developer made their identity appear on Google Play as “WhatsApp Inc.”, identical to that of the real program.
The fraudulent developer added a special character known as a Unicode space at the end of their identifier, something invisible to the naked eye, said users commenting on social media.
After the program was flagged by users late on Friday the developer changed its name and their developer ID, users said. The program has now been removed by Google.
A developer writing on Reddit said the fake WhatsApp displayed ads and downloaded additional software.
It also tried to conceal itself by having a blank icon and an empty app name, said the user, writing under the handle “dextersgenius”.
The extra character could be viewed by looking at the page’s source or long-pressing the developer ID in a web browser, users said.
Google didn’t immediately respond to a request for comment.
The fake WhatsApp software appears to have been relatively benign, but other fraudulent apps have been more harmful, such as malware disguised as Minecraft mods that redirected users to scam sites.
Security firm ESET found that malware earlier this year in 87 apps on Google Play that had a combined total of nearly 1 million downloads.
Do you know all about security in 2017? Try our quiz!