WhatsApp
A fake version of WhatsApp was downloaded more than one million times on Android before it was removed. Photo: Webster2703/Pixabay

A fake version of the popular communications application WhatsApp racked up more than one million downloads on Android devices through the Google Play Store before it was finally removed by Google.

The application, which was found in the official app marketplace run by Google, was listed under the name “Update WhatsApp Messenger” and was plagued by advertisements and other malicious code that attempted to use a person’s device to generate profit for its creators.

The fake version of WhatsApp was first spotted by Reddit users posting in the Android subreddit. A user going by the name E_x_Lnc first brought it to the attention of the community, and the post quickly gained traction as people began examining the source code and origins of the app.

According to Reddit user Dextersgenius, the fake WhatsApp doesn’t seek the standard, invasive permissions that many malicious apps attempt to gain access to. The app requested only internet access but used that access to download and install a second Android Package Kit (APK) that may have been used for more nefarious purposes.

According to the Redditor, the app attempted to hide the second APK—a standard installer for Android applications—by having a blank icon and not putting a title on the app so the user wouldn’t be able to identify it.

Complicating the task for the average user of differentiating between the fake and real version of WhatsApp was the fact that the fake app had the exact same developer listed on its app page—or at least it appeared that way. In actuality, there was a barely noticeable, additional space placed after the name “WhatsApp Inc.” that made it next to impossible to recognize the app came from a developer posing as WhatsApp.

The space after the app developer’s name wasn’t as simple as just a standard tap of the space bar, which Google’s automated system can often identify as a deceitful attempt to trick users into thinking an app is something it isn’t. Instead, the space was made using a Unicode character that looks like a space, allowing it to bypass Google’s scanners.
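A defender-side check for the look-alike developer name described above, as an added example that is not part of the original article or any Google tooling. The article does not say which Unicode character was used, so the sample names below (with U+00A0 and U+200B) are constructed, and the `PROTECTED` allow-list is a hypothetical input.

```python
import unicodedata

# Assumption: hypothetical allow-list of publisher names worth protecting.
PROTECTED = {"WhatsApp Inc."}

def suspicious_chars(name):
    """List (index, code point, Unicode name) of characters that render blank or invisible."""
    hits = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        # Zs: space separators other than the ASCII space; Zl/Zp: line and
        # paragraph separators; Cf: format characters (zero-width etc.); Cc: controls.
        if (cat == "Zs" and ch != " ") or cat in ("Zl", "Zp", "Cf", "Cc"):
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNNAMED")))
    return hits

def skeleton(name):
    """Comparison form: NFKC-fold, drop invisible characters, collapse whitespace, casefold."""
    folded = unicodedata.normalize("NFKC", name)
    visible = "".join(c for c in folded if unicodedata.category(c) not in ("Cf", "Cc"))
    return " ".join(visible.split()).casefold()

def classify(name, protected=PROTECTED):
    """Return 'exact', 'impersonation' or 'unrelated' for a submitted developer name."""
    if name in protected:
        return "exact"
    if skeleton(name) in {skeleton(p) for p in protected}:
        return "impersonation"  # same visible text, different underlying string
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample submissions, not data from the incident.
    samples = [
        "WhatsApp Inc.",         # genuine name
        "WhatsApp Inc.\u00a0",   # trailing NO-BREAK SPACE
        "WhatsApp\u200b Inc.",   # embedded ZERO WIDTH SPACE
        "WhatsApp Inc. ",        # trailing ASCII space
        "Example Apps Ltd",      # unrelated publisher
    ]
    for s in samples:
        print(repr(s), classify(s), suspicious_chars(s))
```

Comparing skeletons instead of raw strings catches the trailing ASCII space as well, which `suspicious_chars` alone does not flag.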

“I can confirm that the app was removed from Google Play and the developer account was suspended for violating our program policies,” a spokesperson for Google told International Business Times.

Google has put a significant amount of work into taming the Google Play Store and removing malicious apps from its ranks—a problem that has long plagued the service and the Android platform as a whole.

In May, the company rolled out its Play Protect feature that was designed to scan applications for malicious behavior even after they are installed on a user’s device. The process was intended to crack down on apps created by bad actors that would hide their true intentions in ways that Google’s malware scanner couldn’t always catch, such as encrypting the malicious payload until the app is installed on a device.

Despite the changes, Google has still run into its fair share of issues as it attempts to clean up the Android platform and its official app marketplace.