Fortinet warns against fake applications on Google Play

Google Play is the largest store of applications for Android devices. It offers approximately 3.5 million applications, and tens of thousands more are added each month. Unfortunately, not all of them are created for the benefit of users. On Google Play, you'll come across many potentially harmful applications that impersonate the most popular programs.

To fool users, the creators of fake applications rely on similar icons and names, impersonating programs such as Messenger, Facebook or WhatsApp. Google's policy does not allow such applications in the store. As it turns out, however, many of them remain available for a short time (from several days to several weeks). Some of them reach up to several hundred thousand downloads.


Examples of applications impersonating WhatsApp

Another trick used by dishonest creators is to generate or buy positive app ratings. A high rating increases the credibility of the application in the eyes of a potential user.

How do fake Android apps work?

Analysts from Fortinet have checked three applications that impersonate WhatsApp.

The first of them had a transparent icon, so it could not be seen in the list of applications on the smartphone. The user may not even be aware that it is installed on the device. The program appears to be downloading updates for the official WhatsApp application. In fact, it uses a library called startapp.android.publish to display ads on every screen change and ultimately does not download any data. The app's creator apparently profits from each ad displayed.


Only after sorting the applications by installation date does it become apparent that one of them has a transparent icon.

The second application analyzed by Fortinet specialists worked in a similar way, displaying intrusive ads and screens with links that could lead to much more dangerous software, for example software that secretly takes screenshots or intercepts SMS communication.

The third program differed from the previous ones in that it actually downloaded data to the device's memory. It was a modified version of WhatsApp offering, at least according to its description, additional features not available in the official version of the application. The user even received instructions for installing applications from sources other than Google Play. The application itself showed no serious harmful effects, but it also displayed ads.

What to watch out for when installing the application?

Android users must be vigilant when downloading applications, even from official sources such as Google Play. Check that the application name and icon are exactly as they should be. Even the slightest deviation from the official name or icon should arouse suspicion.

It is worth paying attention to the number of installations and reading more than a few user reviews - even if most of the fake app's ratings are generated, those who have been fooled will often warn others.

After installing the application, you must always look at the permissions required by it and be particularly careful about programs that want to download files from unknown sources - advises Robert Dąbrowski, head of the Fortinet engineering team.


