A fake version of the popular messaging app WhatsApp has been found on the Google Play Store. The app, named "Update WhatsApp Messenger", had been downloaded over one million times, which gives a rough measure of how many users fell for it.
The Play Store listing shows the developer name as "WhatsApp Inc", the same as the company behind the real WhatsApp app. As explained by The Hacker News, the people behind the fake app used a Unicode trick to make the developer name look identical to the genuine one: they appended an invisible character to the real company name, so that the URL-encoded developer string reads "WhatsApp+Inc%C2%A0". The "%C2%A0" is the UTF-8 encoding of U+00A0, a no-break space, which renders as nothing visible but makes the name a different string from "WhatsApp Inc" as far as the store is concerned, so the listing was published under a separate developer account that displayed the same name.
Source: The Hacker News
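The check a reviewer or store operator would want against this trick is not a byte-for-byte comparison of developer names (which is exactly what the no-break space defeats) but a scan for invisible or non-standard whitespace characters plus a comparison on a normalised form. The following Python is an added example, not code from the article or from Google; the two developer strings are constructed to reproduce the "WhatsApp+Inc%C2%A0" case described above, and the function names are my own. It also goes slightly beyond the page's specific case by treating zero-width format characters (such as U+200B) the same way, since they achieve the same effect.

```python
import unicodedata
from urllib.parse import unquote_plus

# Constructed sample developer names, in the URL-encoded form they would take in a
# Play Store listing URL. SPOOFED reproduces the trick from the article: a trailing
# U+00A0 (NO-BREAK SPACE), which is "%C2%A0" in UTF-8 percent-encoding.
GENUINE = "WhatsApp+Inc"
SPOOFED = "WhatsApp+Inc%C2%A0"
# Constructed variant using a zero-width space (U+200B), a format character (Cf)
# that is also invisible when rendered. Not from the article.
ZERO_WIDTH = "WhatsApp%E2%80%8B+Inc"


def decode_name(encoded: str) -> str:
    """Decode a percent-encoded developer name ('+' becomes a space)."""
    return unquote_plus(encoded)


def suspicious_chars(name: str) -> list:
    """Return (index, 'U+XXXX', unicode name) for every character that is invisible
    or non-standard whitespace: any separator other than U+0020 (categories Zs, Zl,
    Zp), format characters (Cf) and control characters (Cc)."""
    found = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        if ch != " " and (cat.startswith("Z") or cat in ("Cf", "Cc")):
            found.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<unnamed>")))
    return found


def canonical(name: str) -> str:
    """Fold a display name to a canonical form for comparison: NFKC normalisation
    (which maps U+00A0 to an ordinary space), removal of format characters,
    whitespace collapsing and casefolding."""
    nfkc = unicodedata.normalize("NFKC", name)
    no_format = "".join(ch for ch in nfkc if unicodedata.category(ch) != "Cf")
    return " ".join(no_format.split()).casefold()


def impersonates(name: str, trusted: str) -> bool:
    """True when name is not identical to trusted but collapses to the same
    canonical form, i.e. it differs only by invisible or compatibility characters."""
    return name != trusted and canonical(name) == canonical(trusted)


if __name__ == "__main__":
    real = decode_name(GENUINE)
    for encoded in (GENUINE, SPOOFED, ZERO_WIDTH):
        name = decode_name(encoded)
        print(repr(name))
        print("  suspicious characters:", suspicious_chars(name))
        print("  impersonates genuine name:", impersonates(name, real))
```

Note that NFKC catches compatibility variants (no-break space, fullwidth letters) but not cross-script homoglyphs such as a Cyrillic "а" substituted for a Latin "a"; detecting those needs a confusables table along the lines of Unicode TR39, which is outside the scope of this example.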
A Redditor named DexterGenius spotted the fake app and decompiled it to understand its behaviour. The thread notes that installing the app raises no alarm bells: it runs the real WhatsApp app with advertisements overlaid on top. "The app itself has minimal permissions (internet access) but it's basically an ad-loaded wrapper which has some code to download a second apk, also called 'whatsapp.apk'. The app also tries to hide itself by not having a title and having a blank icon," DexterGenius wrote in the post.
The fake app has since been classified as adware and removed from the Play Store after Redditors reported it. Google has been tightening its app review process and recently took down a large number of apps found to be spyware or adware. It also announced a bug bounty programme aimed at making Android apps more secure. The surprising part, however, is that Google Play Protect, which is meant to warn users about malicious apps, did not flag this one.
Google told The Register that it "is looking into the matter" of the fake WhatsApp app being distributed via the Play Store. The company will likely need to introduce more stringent checks, including on how developer names are compared, before apps are published on the Play Store.