Google Play Store has been on the top list of many cyber criminals during the last few years as it has been attacked numerously by different hackers. WhatsApp, being the most popular messenger app, has shown its vulnerability as a counterfeit version of the app. It was found on Google’s official Play Store.
According to some users, a fake WhatsApp messenger app for Android is being downloaded extensively as it appears exactly similar to the original version. As per another news report, within a span of a few days, more than one million users have succumbed to this scam and downloaded the counterfeit version.
The brain behind the scam is an app developer who launched an Update WhatsApp Messenger. He replicated the original WhatsApp service with the title “WhatsApp Inc”. Note that this is the same title which is used by real WhatsApp Messenger on Google Store.
Copied Unicode Character of WhatsApp
The developer played it smart using the same title as the original WhatsApp by applying a Unicode character space. This was added after the legit name of WhatsApp Inc. that was read as WhatsApp+Inc%C2%A0 in the computer coding language.
The trick is that the hidden character space at the end of WhatsApp Inc. would not be visible to any regular android user searching on Google Play Store. As a result, the fake version appears as the original app to most of the users. In layman terms, although the title used by the developer is actually different from real WhatsApp title, but it looks exactly same to a regular user.
Some Reddit users identified the difference last week. According to them, the fake WhatsApp is not a messenger service, instead it is filled with advertisements to download other apps.
A Reddit user said:
“I’ve also installed the app and decompiled it. The app itself has minimal permissions (internet access). However, it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk’. The app also tries to hide by not having a title and having a blank icon.”
Google’s security standards have loopholes
Although Google has responded quickly to this scam and removed the fake version from its Play Store but one cannot deny that its security weaknesses have been explicitly revealed with this incident. This episode should raise a red flag for Google. Apparently, it appeared a simple task for any developer to attack one of the most popular messenger apps of all times via Google’s platform.
Despite many security barriers, Google is still facing countless attacks on its Play Store. The attacks are consistently breaching Google’s security systems and infecting its user base. In addition, it has been reported that Google is still infected with many malware apps that manage to fool users into downloading and installing them into their phones. Thereby, infiltering smart phones of many Google Play Store users.
Thus, it is advisable for users to stay alert. Moreover, they should also cross check before downloading any app from both third party and official Play Store.