The Google Play Store has always been a haven for cybercriminals who have been plaguing it with malicious apps, all thanks to the Play Stores poor security check system.
This week Cybercriminals uploaded a fake version of the WhatsApp application and then managed to fool over a million Android users into downloading the app.
Dubbed "Update WhatsApp Messenger", the fake app which was discovered by some a Reddit user was said to be bearing the same title used with that of the original WhatsApp developers which is "WhatsApp Inc." The title of the developer made Android users to believe that the app was coming from the real developers.
I know that you will be wondering how the miscreants managed to upload into the Play Store such app bearing the same title with that of the original developers. Well, this was made possible all thanks to a Unicode character space.
The app maker added a Unicode character space after the WhatsApp Inc name which reads as WhatsApp+Inc%C2%A0 in computer. However, the cod added at the end of the WhatsApp title would be invisible to users browsing the Play Store as what they would see instead would be WhatsApp Inc which makes it to masquerade as the product of WhatsApp Inc.
Those who installed it said the app downloads and runs the real WhatsApp application served with advertisements all wrapped around it.
"I've also installed the app and decompiled it," One Reddit user said. "The app itself has minimal permissions (internet access) but it's basically an ad-loaded wrapper which has some code to download a second apk also called 'whatsapp.apk.' the app also tries to hide by not having a title and having a blank icon."
Google has removed the fake app from the Play Store although Android users are wondering if Google is ever going to win the war against such on its platform.
Google have been trying hard in combating fake and malicious program son the Play Store but still malicious programs keep beating their security system to find their way into the store. There are over hundreds of malicious apps on the Play Store
Recently, Google launched a Bug Bounty Program, a system aimed at rewarding researchers for bugs discovered on Apps in the Play Store.