In recent months there have been quite a few reports of the Google Play Store hosting counterfeit apps designed to trap users and earn money through ad farms. In the latest case, a report from CSIS Security Group reveals that a fake app promising updates for Samsung phones has been installed by over 10 million Android users.
The fake Samsung app, named “Updates for Samsung”, promises firmware updates. After installation, however, it redirects Android users to an ad-filled website that charges money for firmware downloads. Malware analyst Aleksejs Kuprins said he had contacted the Google Play Store team and asked them to remove the app. The app takes advantage of how difficult it is to obtain firmware and operating system updates for Samsung phones, which explains the high number of users who have installed it.
As a security researcher explains the situation, it wouldn’t be right to judge people for mistakenly going to the official app store for firmware updates after buying a new Android device. Some sellers bundle the phone’s Android operating system with an intimidating amount of software, which is why the update procedure can easily become confusing. A user who is unsure how updates are delivered can therefore make the mistake of going to the official application store to look for a system update.
The “Updates for Samsung” app promises to solve this problem for non-technical users by providing a centralized location where Samsung phone owners can get their firmware and OS updates. But according to Kuprins, the app, which has no affiliation with Samsung, does nothing more than load the updato[.]com domain in a WebView (Android browser) component. If you check the app’s reviews, you can see hundreds of users complaining that the site is an ad-infested hellhole where most of them can’t find what they’re looking for, and that’s only when the app works and doesn’t crash.
The website does offer both free and paid Samsung firmware updates. But digging through the app’s source code reveals that the website limits the speed of free downloads to 56 KBps, and some free firmware downloads eventually time out. It also sidelines the free downloads and pushes users to purchase a $34.99 premium package in order to download any files.
The major problem here is that the app breaks Play Store rules by using its own payment system instead of the one provided by the official store. Because of this, payment data is exposed to being intercepted or logged by a third party, rather than being handled by Google’s more secure and better-protected payment channel. The app also offers a $19.99 SIM card unlocking service, though it is unclear whether this functions in line with the official rules or is just another money-grab.
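The two behaviours described above, a "thin wrapper" app that only loads a third-party domain in a WebView, and a checkout flow run inside that WebView rather than through Play billing, are the kind of thing an analyst triaging a suspicious APK looks for in decompiled code. The following is an added example, not code from the CSIS report or from the app, and the Smali lines it parses are constructed for illustration; the only detail taken from the article is the updato[.]com host, and `samsung.com` is assumed here as the vendor domain a genuine Samsung update app would be expected to talk to.

```python
import re
from urllib.parse import urlparse

# Constructed sample of decompiled Smali imitating a thin WebView wrapper.
# These lines are made up for this example; they are not from the real app.
SAMPLE_SMALI = """\
.class public Lcom/example/updates/MainActivity;
const-string v1, "https://updato.com/samsung-firmware"
invoke-virtual {v0, v1}, Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V
const-string v2, "https://updato.com/checkout?plan=premium"
invoke-virtual {v0, v2}, Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V
const-string v3, "https://www.samsung.com/support"
invoke-virtual {v0, v3}, Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V
"""

# const-string writes a literal into a register; loadUrl takes (this, url).
CONST_RE = re.compile(r'const-string\s+(v\d+),\s+"([^"]*)"')
LOADURL_RE = re.compile(
    r'invoke-virtual\s+\{(v\d+),\s*(v\d+)\},\s*Landroid/webkit/WebView;->loadUrl\('
)

# Path/query fragments that hint at a checkout handled inside the WebView
# instead of through Play billing (heuristic list, chosen for this example).
PAYMENT_HINTS = ("checkout", "payment", "purchase", "premium", "billing")


def extract_loadurl_targets(smali):
    """Return the literal URLs passed to WebView.loadUrl, in source order.

    Tracks the most recent const-string written to each register and resolves
    the second register of each loadUrl invoke against it. Only literal strings
    are recovered; URLs assembled at runtime are missed, which is the usual
    limitation of this kind of static heuristic.
    """
    registers = {}
    targets = []
    for line in smali.splitlines():
        m = CONST_RE.search(line)
        if m:
            registers[m.group(1)] = m.group(2)
            continue
        m = LOADURL_RE.search(line)
        if m and m.group(2) in registers:
            targets.append(registers[m.group(2)])
    return targets


def external_hosts(urls, vendor_domains):
    """Hosts the WebView loads that are not the vendor's own domains (or subdomains)."""
    found = []
    for url in urls:
        host = urlparse(url).hostname or ""
        owned = any(host == d or host.endswith("." + d) for d in vendor_domains)
        if not owned and host not in found:
            found.append(host)
    return found


def off_store_payment_urls(urls):
    """URLs whose path or query suggests a checkout flow running inside the WebView."""
    return [u for u in urls if any(h in u.lower() for h in PAYMENT_HINTS)]


if __name__ == "__main__":
    urls = extract_loadurl_targets(SAMPLE_SMALI)
    print("WebView targets:", urls)
    print("Third-party hosts:", external_hosts(urls, {"samsung.com"}))
    print("In-WebView checkout URLs:", off_store_payment_urls(urls))
```

Run against a real decompilation (for example the Smali output of apktool), a wrapper app shows up as a handful of `loadUrl` targets on one unrelated host; a checkout URL among them, with no reference to the Play billing client anywhere in the code, is the signal that payments are being routed around the store's own channel.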