Slashdot Mirror


Fake WhatsApp App Downloaded 1 Million Times (fortune.com)

An anonymous reader quotes Fortune: Reddit users yesterday spotted an extremely convincing spoofed copy of the popular WhatsApp messenger on Google Play. The fake was downloaded by more than 1 million users, who instead of a messaging tool wound up with a bundle of ads... The fake WhatsApp was nearly indistinguishable from the real thing thanks to an invisible space placed at the end of the developer's name.

One of the security hounds discussing the case on Reddit pointed out that this was not an isolated incident, even for WhatsApp. A search for "WhatsApp" on Google Play currently shows no fewer than seven spoof apps using slight variations on the developer name "WhatsApp Inc.", including versions with extra spaces, asterisks, or commas. All of them have four-star review averages, presumably thanks to industrial-scale subversion of Play's review system.
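An added example, not part of the Fortune story or the Slashdot thread: one way a store could screen a publisher name submitted by an account that does not own a protected name, catching the variations described above (trailing invisible spaces, extra spaces, asterisks, commas). The function names and the `PROTECTED` list are assumptions made for illustration.

```python
import unicodedata

# The protected publisher name comes from the summary above; every submitted
# name used with this code is constructed for illustration.
PROTECTED = ["WhatsApp Inc."]


def skeleton(name):
    """Comparison key: NFKC-fold, lowercase, then drop everything that is a
    separator (Z*), punctuation (P*), symbol (S*) or control/format (C*)."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(c for c in folded if unicodedata.category(c)[0] not in "ZPSC")


def hidden_chars(name):
    """Code points a human reviewer cannot see in the raw name: control and
    format characters anywhere, non-ASCII spaces anywhere, and plain spaces
    at either end."""
    found = []
    for i, ch in enumerate(name):
        cat = unicodedata.category(ch)
        at_edge = i in (0, len(name) - 1)
        if cat in ("Cc", "Cf") or (cat == "Zs" and (ch != " " or at_edge)):
            found.append("U+%04X" % ord(ch))
    return found


def review(submitted, protected=PROTECTED):
    """Return (verdict, matched_protected_name, hidden_code_points)."""
    hidden = hidden_chars(submitted)
    key = skeleton(submitted)
    for real in protected:
        if key == skeleton(real):
            return ("reject", real, hidden)
    # No collision, but invisible characters alone are reason to bounce it.
    return ("reject" if hidden else "accept", None, hidden)


if __name__ == "__main__":
    for name in ["WhatsApp Inc.\u00a0", "WhatsApp Inc.\u200b", "WhatsApp, Inc.",
                 "WhatsApp Inc*", "Example Games Ltd"]:
        print(repr(name), review(name))
```

This key does not catch cross-script homoglyphs (for example a Cyrillic letter standing in for a Latin one); that needs a confusables table such as the one in Unicode UTS #39.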

51 comments

  1. that's some good social justice by js290 · · Score: 0, Troll

    Google's too busy with diversity to be bothered with having their shit actually work.

    --
    "Tempers are wearing thin. Let's just hope some robot doesn't kill everybody." --Bender
    1. Re: that's some good social justice by Anonymous Coward · · Score: 0

      Google is too big for input validation on the supply side.

    2. Re:that's some good social justice by rmdingler · · Score: 1, Interesting
      Google isn't the most defensible corporation out there, but, their shit does actually work.

      As a modern day tech giant, they're undoubtedly beholden to several important populist grass roots movements as a matter of course,

      but if you think that changes the mission statement for market share, market share, market share... well, you're missing the value the Googly is willing to place upon appearances for the sake of the greater good.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    3. Re:that's some good social justice by Anonymous Coward · · Score: 1

      invisible space placed at the end of the developer's name

      their shit "works", huh? with fucking amateurish errors like this? filtering inputs is the first fucking thing you learn, for fucks sake. this is absolutely inexcusable.

      captcha: distrust

    4. Re:that's some good social justice by datavirtue · · Score: 1

      All of the app stores are crap for this same reason. Users run a search for a popular app and get bombarded with pages of spammy shitty apps with the same or similar name. Apple is trying to address it and Google should do the same. Curate this shit or give the users a serious way to curate the apps so we don't have to see shitty ad-spam make-believe apps that ruin the whole experience. It has come to the point where I will not go to an app store and instead find apps from the marketing sites of actual real software vendors and businesses and I click on the link there.

      --
      I object to power without constructive purpose. --Spock
    5. Re:that's some good social justice by Anonymous Coward · · Score: 0

      Google's too busy with diversity to be bothered with having their shit actually work.

      Google's too busy with diversity and inclusion to be bothered with having their shit actually work.

      There, FTFY.

    6. Re:that's some good social justice by Dog-Cow · · Score: 1

      The GV app for iOS hasn't worked for me in months. Calls never complete.

    7. Re:that's some good social justice by Hal_Porter · · Score: 1

      As a modern day tech giant, they're undoubtedly beholden to several important populist grass roots movements as a matter of course

      And you know they're important because Google promotes people saying they're important to the top of the search results and removes videos critical of them from YouTube.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    8. Re:that's some good social justice by Anonymous Coward · · Score: 0

      Another butt hurt white guy. FWIW, I'm a white guy, but not a pathetic fucking snivelling one like you.

  2. Mickey-Mouse operation by Anonymous Coward · · Score: 0

    Absolutely no professional security with regards to what they are selling from their very own store? Tech companies need to grow up. Nearly every one of them acts like a bunch of amateurs, no matter how big they are or how long they've been in business.

    1. Re:Mickey-Mouse operation by Anonymous Coward · · Score: 0

      What do you expect when every tech company fires anyone over 30 to keep the young blood young?

      They don't wanna grow up, they're not even Toys R Us kids, the Toys R Us song was written before they were born.

  3. Review process by Exitar · · Score: 1

    Doesn't Google review any app on their store?

    1. Re:Review process by Anonymous Coward · · Score: 0

      Oh, I just got the memo. We're their QA department.

      Guess it goes back to the early days of Google, the search engine. That ad machine was permanently in *beta*, remember?

    2. Re:Review process by known_coward_69 · · Score: 2

      Why would they? It's all about freedom for developers to upload anything they want.

    3. Re:Review process by Tony+Isaac · · Score: 1

      Yeah, they probably outsource it to India or Russia.

    4. Re:Review process by datavirtue · · Score: 1

      Apple has the same problem.

      --
      I object to power without constructive purpose. --Spock
    5. Re:Review process by Anonymous Coward · · Score: 0

      Doesn't Google review any app on their store?

      What, you want a walled garden?

    6. Re:Review process by TheFakeTimCook · · Score: 1

      Apple has the same problem.

      Really?

      Find me more than a small handful of short-lived instances of nefarious apps (out of millions) that have ever appeared in the Apple App Store.

  4. Google Developers Suck by Anonymous Coward · · Score: 0

    There is no excuse. Attention to detail is not on their memorize these algorithms job interview.

  5. I don't use nor trust google play by Anonymous Coward · · Score: 2, Informative

    I use, for example: https://f-droid.org/en/packages

    1. Re:I don't use nor trust google play by watermark · · Score: 3, Insightful

      How to download WhatsApp from Fdroid?

    2. Re:I don't use nor trust google play by Anonymous Coward · · Score: 0

      How to download WhatsApp from Fdroid?

      You're correct, it's not on f-droid, but I'm not apt to download apps that are just repackaged websites. If a website is terribly unusable on Android, I'll live without it. That said, I only just started using an Android phone a few months ago for a few things, and still use an old early sort of smartphone for talk and some text.

      Otherwise: https://apkpure.com/search?q=whatsapp It's obviously no guarantee, but I generally unzip the app and check things out before I install it.

      On WordPress servers I admin I added "wptouch" which does wonders for smartphone browsing.

    3. Re:I don't use nor trust google play by Skuld-Chan · · Score: 1

      After reading through their FAQs - I had to use Google to find any docs on how to install it. But on a standard Google phone - to install it and use it I have to turn off APK signing - which (using irony here) sounds way more secure. Some of the features it has as well require root...

      I'm sure if it's integrated with the phone's ROM it's probably fine.

      I have to wonder what the point is though - it's more secure because they only allow open source applications on it? Assuming you know how to audit source code for security vulnerabilities I guess it's a good thing.

    4. Re:I don't use nor trust google play by Dog-Cow · · Score: 2

      If you think the WhatsApp app is a repackaged website, you need to choke to death on your phone.

    5. Re:I don't use nor trust google play by Anonymous Coward · · Score: 0

      Not from F-droid, but you can download WhatsApp directly from https://www.whatsapp.com/android/ No need of Google Play

    6. Re:I don't use nor trust google play by Khyber · · Score: 1

      At 77 megs it's a fucking lot of bloat for a fucking text routing protocol.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  6. WhatWhat? by Anonymous Coward · · Score: 0

    What the fuck is a WhatApp?

    1. Re:WhatWhat? by Anonymous Coward · · Score: 0

      Yo, homie! WhatAPP, muthafuckah! Awe YEEEE! (grabs crotch, pauses to wind alarm clock being worn around neck)

    2. Re: WhatWhat? by Anonymous Coward · · Score: 0

      wicka wicka wiki.

  7. The star rating system is kind of dumb anyway. by Ichijo · · Score: 1

    If you are rating an app and you have nothing to compare it against, how do you know whether it's a good app? Should you give it the benefit of the doubt and rate it a 5, or should you give it a 3 because you don't know whether it's good (5) or bad (1)?

    A better rating system would make you put two apps of the same type in order from most to least liked, and justify your reasoning for the metamoderators. Then the polling software would use Condorcet or whatever to put all apps of that type in order from most to least liked, weighted by their metamoderation score, and assign each app a percentile ranking.

    I think this would be resistant to boot attacks and create better, more precise ratings.

    --
    Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    1. Re:The star rating system is kind of dumb anyway. by Anonymous Coward · · Score: 0

      Agreed. I'm a strong proponent of comparison / ordered ratings.

      However, I think special care has to be taken to prevent fanboys from simply rating their thing above the highest rated thing, and for rating the thing they hate below the lowest rated thing. So it's probably better to have a ladder system where things are first ranked against alternatives near the 50%ile mark. Ideally it would only move up the ladder to the 75%ile tier only if a Bayesian consensus shows that the thing is better than 50%ile with high confidence. The ratings system could display a provisional higher rating based on how strongly a thing is being rated in its current bracket.

    2. Re:The star rating system is kind of dumb anyway. by datavirtue · · Score: 2

      Forget stars or whatever. There needs to be a moderation list like we have on Slashdot. One of the list items could be: "This app is not what it appears to be."

      --
      I object to power without constructive purpose. --Spock
    3. Re:The star rating system is kind of dumb anyway. by NaCh0 · · Score: 1

      If the bots can push a fake app up to 4 stars to obfuscate the 1 star reviews, they can just as easily flood the app with "Best Evah" moderations in the scheme you propose.

    4. Re:The star rating system is kind of dumb anyway. by thegarbz · · Score: 1

      and you have nothing to compare it against

      And what makes you think there's nothing to compare it against? Are you telling me the many millions of apps on the Play Store are all 100% unique in terms of functionality? Have you never abandoned one music player in favour of another?

      Actually what the rating really is is a thumbs up or thumbs down rating with the average number between them a representation of the relative thumbs. Lots of 5 star ratings, no problem lots of 1 star ratings, lots of problems. Just because this doesn't form a detailed review doesn't mean it isn't an incredibly useful system, especially when you can sort ratings by time (a 5 star app suddenly getting lots of 1 star ratings is a bad sign).

    5. Re:The star rating system is kind of dumb anyway. by arth1 · · Score: 1

      And what makes you think there's nothing to compare it against? Are you telling me the many millions of apps on the Play Store are all 100% unique in terms of functionality? Have you never abandoned one music player in favour of another?

      That there are apps to compare against for most apps doesn't mean that the reviewers have something to compare it against.
      Most consumers try something, and if they like it, they'll give it 5 stars. Even worse, they are more likely to rate an app that's new to them than one that they continue to use over a long time.

      When looking at reviews, I discard all 5 star reviews as unreliable, and then subtract 1 and finally multiply by 2.5, and I get a more believable 0-10 score. Similar for scores on other sites with different numbers - discard the top and normalize to a 0 based scale.

    6. Re:The star rating system is kind of dumb anyway. by thegarbz · · Score: 1

      When looking at reviews, I discard all 5 star reviews as unreliable, and then subtract 1 and finally multiply by 2.5, and I get a more believable 0-10 score.

      You're turning the rating into something it isn't and extracting data that isn't there. Your algorithm also doesn't result in a 0-10 score, just results in rescaling the 0-4 score to 0-7.5 and then by looking only at a portion of the low results you're achieving absolutely nothing.

      Go back, understand how people post, understand that that doesn't make 5 star as unreliable but rather as a key part of the equation, (somehow you managed the former and then concluded the latter which is absurd) and then analyse the data that is given to you.

    7. Re:The star rating system is kind of dumb anyway. by arth1 · · Score: 1

      by looking only at a portion of the low results you're achieving absolutely nothing.

      3 star and 4 star are not low results. In a five star system, 3 is average, i.e. no worse than the average competition, and 4 is better than average.
      2, 3 and 4 star scores are mostly results from people who actually though before submitting, unlike most of the 5 star scores and some of the 1 star scores, which are binary scores.

      IMDb knows this too, and their ranking algorithm takes into account that scores of 10, and to a lesser extent 1, carry far less information useful for ranking[*], and especially when a movie is new.
      [*]: They carry other useful information, like fad trend information or how love and hatred of companies or individuals reflect on products. But for ranking purposes, top scores in particular are too tainted to be of much value.

    8. Re:The star rating system is kind of dumb anyway. by arth1 · · Score: 1

      from people who actually though before submitting

      Which shouldn't be confused with people who actually proofread before submitting.

      Mea culpa.

    9. Re:The star rating system is kind of dumb anyway. by thegarbz · · Score: 1

      3 star and 4 star are not low results.

      To quote someone:

      Most consumers try something, and if they like it, they'll give it 5 stars.

      Before you continue your thoughts, maybe you should come to terms in your own mind about how you think the ratings system works. Or is someone else posting on your behalf? Or maybe split personality disorder?

    10. Re:The star rating system is kind of dumb anyway. by arth1 · · Score: 1

      Maybe it blows your mind that there's no discrepancy between 3 and 4 stars not being low results and 5 stars meaning someone liked it?

  8. Wisdom of the Crowd? by Anonymous Coward · · Score: 0

    A million downloads huh? In other news, google search is not a good way to spell check, because it turns out there are a lot of other people who are bad spellers.

  9. Use Signal by Anonymous Coward · · Score: 0

    If you want the highest level of messaging security, use Signal by Open Whisper Systems. It is the gold standard. In fact, the WhatsApp encryption system is derived from Signal. Why route your stuff through Facebook when you can just go right to the source and get the best?

    Having said that, Google Play Store is clearly a hot mess and not getting better. If you are on Android, use F-Droid as your app repository. It will limit some of what you can download, but is still highly functional and a lot more secure. People should not be downloading every crapware app under the sun, anyway.

  10. So how is your walled garden working for you? by Anonymous Coward · · Score: 0

    Makes me want to go back to buying software on a nice shiny vetted CD-ROM.

  11. Nothing mod-worthy ... by CaptainDork · · Score: 5, Insightful

    I'm carrying ten mod points and there isn't one goddam comment (as of this writing) that's of any value.

    Including mine.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Nothing mod-worthy ... by Anonymous Coward · · Score: 0

      Nothing news worthy either. I'm only here to see comments now, news is crap. Why am I still on Slashdot? Because some old dinosaurs who have something worthy to say on the topic exist...

    2. Re:Nothing mod-worthy ... by CaptainDork · · Score: 1

      Because some old dinosaurs who have something worthy to say on the topic exist...

      It's not you or me.

      --
      It little behooves the best of us to comment on the rest of us.
  12. But Apple is too exclusive/Walled garden! by Anonymous Coward · · Score: 0

    It's a bit sad that the anti-Apple crew jumps all over anything they can even slightly compare with Apple, but when Apple's approach to approving apps means less (I'm not saying anyone's perfect) chances of getting crapware on your device... nobody says a word.

  13. Subversion? by thegarbz · · Score: 1

    Why would you assume industrial scale subversion in order to get high rankings? If an app is fake and yet works as intended there's no reason to believe that a user won't give it a 5 star rating if they don't notice a problem.

  14. Shocked by Hal_Porter · · Score: 1

    So you're saying Google, an ad company which doesn't seem to employ any actual humans you can talk to isn't doing a good job of removing fake apps which only show ads?

    I'm shocked!

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  15. Google app store by Anonymous Coward · · Score: 0

    Where anything goes.

  16. Great News by freerechargefield · · Score: 1

    WhatsApp is the most popular app in India. So nice to hear that.