Cell Phone people talking
A man talks on his cell phone. Reuters

Until Sunday night, the top new paid app on the Google Play store was a complete scam. Google Inc. (NASDAQ: GOOG) quickly removed “Virus Shield” from the Google Play store, but not before thousands of people downloaded the fake antimalware app, exposing a major flaw in the open strategy Google has taken with its mobile app marketplace.

"Virus Shield" claimed that it protected Android smartphone users from viruses, malware and spyware, and that it even improved the speed of phones. It touted its minimal impact on battery life and its additional functionality as an ad blocker. At only $3.99, "Virus Shield" sounded like a pretty good deal to the tens of thousands of people who downloaded it in less than two weeks.

Virus Shield downloads
Virus Shield downloads Google Play Store (screenshot by Android Police)

Those 10,000 people even seemed to enjoy "Virus Shield," as the app maintained a 4.7-star rating from about 1,700 users. Another 2,607 users recommended it on the Google Play store, helping “Virus Shield” get ranked as the No. 1 new paid app and third overall top paid app.

Virus Shield 3rd overall paid app
Virus Shield was ranked the third best overall paid app before it was removed by Google. Google Play Store (Screenshot By Android Police)
Virus Shield top new paid app
Virus Shield was tanked as the top new paid app on the Google Play store before it was removed. Google Play Store (Screenshot By Android Police)

According to Android Police, the app didn’t do any of the things it claimed. "Virus Shield" simply changed a red “X” into a red checkmark, leading users to believe their phones were safe. Android Police dug into its code to confirm that it was “totally and completely devoid of any security benefit.” More than 10,000 people spent four dollars on a useless piece of code.

Virus Shield Red X
Virus Shield Red X Screenshot by Android Police
Virus Shield Red Check
Virus Shield Red Check Screenshot by Android Police

No developer was listed on the Google Play Store, but the email address was matched to an account that had been banned from forums for trying to scam people. Critics of the site's security flaws say the customizable nature of the Android operating system and Google’s open app store, by design a rejection of closed-system philosophy that defines Apple’s mobile ecosystem, allows this kind of scam to happen.

The rules governing how Apple decides which apps are suitable for the iTunes store are notoriously strict, and every app must be approved by Apple before it's available for download. Some critics complain that Apple's guidelines are too strict or restrict free speech, but many Apple users are quick to say they prefer the security and safety advantages of iOS' so-called “walled garden” philosophy, and now they have a valid point: It’s doubtful something like "Virus Shield" would even make it into the iTunes Store, let alone become its top mobile app.

Android users may prefer an open information ecosystem to Apple’s walled garden, but this whole "Virus Shield" incident makes it pretty clear that something has to change. An app this obviously fake shouldn’t have been allowed to scam thousands of people and be featured as a “top app” before it caught Google’s attention.