Over a million people have been tricked into downloading a fake version of WhatsApp. The app, called “Update WhatsApp Messenger”, had been disguised to look just like the real deal.
However, all it actually did was bombard users with ads and try to get them to install another dodgy programme. Apart from having a slightly different name to the actual version of – WhatsApp which is listed as “WhatsApp Messenger” in the Google Play store – Update WhatsApp Messenger looked very convincing.
As noted by the Reddit user who first spotted it, it used the official WhatsApp logo and had a high user rating of 4.2 stars.
What’s more, it even appeared to have been developed by WhatsApp Inc., the creators of the real WhatsApp app.
According to Hacker News, the people behind the fake app managed to pull off this trick by adding an invisible Unicode character space to the end of the name, which in computer code reads “WhatsApp+Inc%C2%A0”.
The app has now been taken down by Google, but dextersgenius, a Reddit user who downloaded it while it was still available, has described what it did.
“The app itself has minimal permissions (internet access) but it’s basically an ad-loaded wrapper which has some code to download a second apk, also called ‘whatsapp.apk’,” he said. “The app also tries to hide itself by not having a title and having a blank icon.”
The fact that over a million people managed to download it before it was taken down is a cause for concern.
Google is supposed to protect Android users by blocking fake and malicious apps from the Play store, and it’s clear that the company’s security system isn’t foolproof.