Despite all of Google’s effort to prevent malware from being transferred to its official Play store Mobile App, the company has continued tripping up-to with a very alarming regularity as of late.
The most recent occurrence includes a phony version of the Whatsapp messenger for Android devices with at least 1million downloads over the past few days before Google got rid of it on Sunday after getting the information from Reddit users.
The ad-purpose app was masked to seem like a new Whatsapp update and was one of the many fake Whatsapp versions on Google Play Store reported by users in recent days. On November 5 a security analyst from Avast Antivirus tweeted a screenshot of what seemed to be icons of about 8 fraudulent Whatsapp versions on Google Play Store.
In a statement on November 6, a Google representative said the Whatsapp version with over a million downloads, has been deleted from the store.
The company announced that the developer concern from which the phony version was uploaded has been penduloud as well, for violation of the company’s Terms of service.
The revelation and banishment of the fake Whatsapp application are the most recent in an undeniably humiliating series of occurrences where users have discovered phony software on Google Play Store – which ought to be the most secure source of Android applications.
In recent years, the company has enforced numerous automated security measures to scrutinize applications for malware before they can be uploaded to the store. Google has enforced software to pinpoint and block malicious apps running on Android gadgets and checking developers’ identities as well as preventing those with a history of violation.
The rogue app didn’t cause much damage
The developer was able to sneak the fake app into Play Store by tweaking it so that the application had the same name and icon with the original Whatsapp application. In this case, the rogue application was relatively harmless since its sole purpose was advertisements, but it could have been a different outcome if the payload had been more hazardous.
Reddit users wondered how Google Play Store securities could permit such a simple logic to work on their platform. “Their system doesn’t make the most basic checks” a user who posted as JBWalker1 said on Reddit.
Google upgrades its vetting process
In its announcement, the company said all applications submitted to Google Play Store are automatically scrutinized for conceivably malicious codes. Google also set up a new app review procedure to pinpoint violators as early as possible.