In the past few months the Google Play Store has suffered a string of malware incidents. However hard Google tries to keep malicious apps out of the store, it keeps tripping up, and lately with alarming regularity. Now Google is put to the test once again: a fake version of the WhatsApp messenger for Android was downloaded more than a million times over a few days before Google removed it on Sunday, after Reddit users reported the problem.
The ad-serving app was disguised as a WhatsApp update and was one of several fake WhatsApp versions reported by users in recent days. On November 5, 2017, an Avast security researcher posted a screenshot on Twitter showing what appeared to be icons for at least eight fake WhatsApp versions on Google Play.
A Google spokesperson said in an emailed statement on November 6 that the fake WhatsApp had been removed from the Play Store after being downloaded more than one million times. Obviously, that is a little late. The company added that the developer account that uploaded the fake update has been suspended for violating Google's terms of service, again, too late for the users who installed it.
The discovery and removal of the fake WhatsApp adds to an increasingly embarrassing string of incidents in which malware slipped into the Google Play Store and was spotted by outsiders rather than by Google. It is another blow for what is supposed to be the most trustworthy source of Android apps, which has once again failed to meet users' expectations on security.
In mid-October, Symantec reported finding at least eight malware-laden apps in the Google Play Store that had been downloaded by as many as 2.6 million Android users worldwide, and at least five other security vendors have made similar disclosures so far this year.
Over the past two years Google has rolled out a range of automated measures to scan Android apps for malware before they reach Google Play. It has deployed a program that identifies and blocks malicious apps already running on Android devices, and introduced policies to verify app developers' identities and block those with previous violations. Last month Google even launched a bug bounty program offering rewards of up to $1,000 for vulnerabilities found in Android apps. None of these measures, however, has stopped rogue developers from spreading malicious apps through the Play Store.
In this latest case, the fake WhatsApp's developers used a few Unicode characters and blank spaces to fool Google Play's name checks into treating the malicious app as genuine. By giving the app the same name and icon as the real WhatsApp, and a developer name that looked identical to that of the real WhatsApp developer, they slipped it into the Play Store with little effort. Fortunately the app was relatively benign, as it only served ads to users, but that does not change the fact that the outcome could have been far worse had the payload been more malicious.
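The trick described above works because a byte-for-byte string comparison treats "WhatsApp Inc." and "WhatsApp Inc." followed by an invisible character as different developers, so a duplicate-name check never fires, while a human sees the same name. The following is an added example, not code from Google or from the article, showing how a store-side or triage-side name check can canonicalise publisher names before comparing them: it applies NFKC normalisation, maps a handful of Cyrillic/Greek look-alike letters to their Latin equivalents, strips zero-width and format characters, collapses whitespace and case-folds. The trusted-publisher list, the sample names (a trailing no-break space, a zero-width space, a Cyrillic "а") and the confusables table are all constructed for illustration; the confusables table is deliberately small and not a substitute for the full Unicode confusables data.

```python
import unicodedata
from urllib.parse import quote

# Illustrative, not exhaustive: code points that render as nothing or as an
# ordinary space but survive a naive == comparison.
INVISIBLE = {
    "\u00A0",  # NO-BREAK SPACE
    "\u200B",  # ZERO WIDTH SPACE
    "\u200C",  # ZERO WIDTH NON-JOINER
    "\u200D",  # ZERO WIDTH JOINER
    "\u2060",  # WORD JOINER
    "\uFEFF",  # ZERO WIDTH NO-BREAK SPACE (BOM)
    "\u3000",  # IDEOGRAPHIC SPACE
}

# Small, constructed confusables map: Cyrillic/Greek letters that look like
# Latin ones. A real check would load the full Unicode confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043E": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04BB": "h",
    "\u03BF": "o", "\u0391": "A", "\u0392": "B", "\u0395": "E", "\u0397": "H",
    "\u0406": "I", "\u041E": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
}

# Constructed list of publishers whose names must not be impersonated.
TRUSTED = ["WhatsApp Inc.", "Facebook", "Google LLC"]


def canonical(name: str) -> str:
    """Reduce a publisher name to a form where look-alike tricks collapse."""
    # NFKC folds full-width letters and compatibility spaces (e.g. U+00A0 -> ' ').
    s = unicodedata.normalize("NFKC", name)
    # Replace known confusable letters with their Latin look-alikes.
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    # Drop invisible characters and anything Unicode classes as a format char (Cf).
    s = "".join(ch for ch in s
                if ch not in INVISIBLE and unicodedata.category(ch) != "Cf")
    # Collapse runs of whitespace (also trims edges) and ignore case.
    return " ".join(s.split()).casefold()


def suspicious_chars(name: str) -> list:
    """List (code point, Unicode name) for every non-ASCII character, so a
    reviewer can see exactly what was hidden in an apparently ordinary name."""
    return [(f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>"))
            for ch in name if ord(ch) > 0x7F]


def classify(developer: str, trusted: list) -> str:
    """'genuine'   : exact match with a trusted publisher
       'lookalike' : matches a trusted publisher only after canonicalisation
       'clean'     : no relation to any trusted publisher"""
    if developer in trusted:
        return "genuine"
    canon = canonical(developer)
    if any(canonical(t) == canon for t in trusted):
        return "lookalike"
    return "clean"


def url_form(name: str) -> str:
    """Percent-encoded form of the name, as it would appear in a store URL;
    hidden characters become visible here (e.g. U+00A0 -> %C2%A0)."""
    return quote(name)


if __name__ == "__main__":
    # Constructed sample developer names as they might appear in store listings.
    samples = [
        "WhatsApp Inc.",          # the real publisher name
        "WhatsApp Inc.\u00A0",    # trailing no-break space
        "WhatsApp\u200B Inc.",    # zero-width space in the middle
        "Whats\u0430pp Inc.",     # Cyrillic small letter a
        "Telegram FZ-LLC",        # unrelated publisher
    ]
    for s in samples:
        print(f"{classify(s, TRUSTED):9}  {url_form(s):28}  {suspicious_chars(s)}")
```

The point of `url_form` is that a store URL is often where such a trick first becomes visible to a human, since percent-encoding exposes the bytes the rendered page hides; `classify` is what the automated check should have done before the listing went live.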
A number of Reddit users were puzzled that Google Play's defenses could be beaten by such a simple tactic. A user posting as JBWalker on Reddit said, "Their system doesn't even make the most basic checks."
Normally, JBWalker added, an uploaded app that looks similar to a popular one should be flagged for manual review rather than being made available for immediate download.
Google said in its statement that all apps submitted to Google Play are scanned automatically for potentially malicious code, and that it has a new app review process intended to catch policy violators earlier. "But as we continue to make improvements to our review system, we still rely on the community of users and developers to flag apps for additional review," Google added.