Google Play is implementing increasingly strict rules to ensure that the platform does not turn into a breeding ground for fake apps. But every now and then, security researchers still spot fake Android apps duping users. This time, the CSIS Security Group has spotted a fake Samsung app trying to make money from users by charging them for firmware updates.
The app goes by the name “Updates for Samsung” and has more than 10 million downloads. It promises firmware updates for Samsung devices, but when a user opens the app, it redirects them to a website full of ads and demands money for the updates.
One reason the app managed to fool more than 10 million users is that firmware and OS updates for Samsung smartphones are difficult to get hold of. Most people are unaware of the system update procedure and hence look for easy methods in the form of apps on the Play Store.
The fake “Updates for Samsung” app gained users’ attention by promising a simplified way to get firmware updates, even for those with little technical know-how.
According to a malware analyst from CSIS Security Group, the app limits the speed of free downloads to 56KBps, and the downloads eventually time out. The timeouts are intentional: once a download fails, the app asks users to purchase a $34.99 subscription to download firmware updates.
The main issue with the app is that it uses its own payment system instead of directing users to the payment methods offered by the Google Play Store. This is against the rules of the Play Store, as the third-party payment channel could intercept users’ banking information.
The app was taken down by Google after the researchers reported it, but the fact that the app had 10 million+ downloads shows that a lot of work still needs to be done to make Google Play safe for users.