One of the security enthusiasts discussing the case on Reddit pointed out that this was not an isolated incident, even for WhatsApp. A search for “WhatsApp” on Google Play currently shows no fewer than seven spoof apps using slight variations on the developer name “WhatsApp Inc.”, including variants with extra spaces, asterisks, or commas. All of them have four-star review averages, probably thanks to the industrial-scale subversion of Play’s review policy.
This is the latest in a long string of incidents in which Google has shown little interest in attempting to protect Google Play users. In prior incidents, security experts or unlucky users have encountered malware in compromised messaging apps, in a line of popular children’s games, and even in fake variants of Pokemon Go.
In this case, Google’s failure to protect WhatsApp’s intellectual property has an extra dimension: WhatsApp is owned by Google’s principal competitor for online advertising revenue, Facebook.
Using a Unicode “white space” character, the developer of the fake was able to make it seem as though WhatsApp Inc. was the developer, matching the developer name used on the real WhatsApp app. Google does not allow apps that mimic a title or logo. The Unicode whitespace tricked Google’s automated security checks into treating the developer name as different from the one listed on the genuine WhatsApp app. The public, however, couldn’t see the Unicode character: the developer name on the fake was actually encoded as WhatsApp+Inc%C2%A0, and users were thus fooled into believing that the spoofed listing was created by the same developers responsible for the legitimate Google Play Store listing.
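The gap described above, and the extra-space, asterisk and comma variants mentioned earlier, can be closed by comparing names on what a reader perceives rather than on raw strings. The following is an added example, not code from Google or from the original article; the function names and all sample names other than WhatsApp+Inc%C2%A0 are constructed, and it covers only spacing and punctuation tricks, not look-alike letters from other scripts.

```python
import unicodedata
from urllib.parse import unquote_plus

PROTECTED = "WhatsApp Inc."  # developer name on the genuine listing, per the article


def skeleton(name: str) -> str:
    """Reduce a display name to the letters and digits a reader perceives."""
    # NFKC folds compatibility characters: U+00A0 NO-BREAK SPACE becomes U+0020.
    folded = unicodedata.normalize("NFKC", name).casefold()
    # Keep letters (L*) and numbers (N*) only. This drops every kind of
    # whitespace, punctuation such as '*' ',' '.', and invisible format chars.
    return "".join(ch for ch in folded if unicodedata.category(ch)[0] in "LN")


def hidden_chars(name: str) -> list[str]:
    """Name the separator, format and control characters other than a plain space."""
    return [
        f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"
        for ch in name
        if ch != " " and unicodedata.category(ch) in {"Zs", "Zl", "Zp", "Cf", "Cc"}
    ]


def classify(candidate: str, protected: str = PROTECTED) -> str:
    """Return 'exact', 'lookalike' or 'different' relative to a protected name."""
    if candidate == protected:
        return "exact"      # identical string: what a naive check already catches
    if skeleton(candidate) == skeleton(protected):
        return "lookalike"  # reads the same to a person, differs as a string
    return "different"


if __name__ == "__main__":
    samples = [
        unquote_plus("WhatsApp+Inc%C2%A0"),  # encoded form quoted in the article
        "WhatsApp  Inc.",                    # constructed: extra space
        "WhatsApp Inc.*",                    # constructed: trailing asterisk
        "WhatsApp, Inc.",                    # constructed: added comma
        "Signal Foundation",                 # constructed: unrelated name
    ]
    for s in samples:
        print(f"{s!r:24} {classify(s):10} {hidden_chars(s)}")
```
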
While the purpose of the fake app was to create income for the developer by posting ads, the same tactic could have been used to steal personal data from the more than one million people who signed up for the app. Nikolaos Chrysaidos, a security researcher at anti-virus company Avast, says that this kind of spoofing has been done many times before. He cited a fake Facebook app that was downloaded ten million times.
Latest posts by Harikrishna Mekala (see all)