Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake WhatsApp App Downloaded 1 Million Times (fortune.com)

Posted by EditorDavid on from the not-the-Android-app-you're-looking-for dept.

An anonymous reader quotes Fortune: Reddit users yesterday spotted an extremely convincing spoofed copy of the popular WhatsApp messenger on Google Play. The fake was downloaded by more than 1 million users, who instead of a messaging tool wound up with a bundle of ads... The fake WhatsApp was nearly indistinguishable from the real thing thanks to an invisible space placed at the end of the developer's name.

One of the security hounds discussing the case on Reddit pointed out that this was not an isolated incident, even for WhatsApp. A search for "WhatsApp" on Google Play currently shows no fewer than seven spoof apps using slight variations on the developer name "WhatsApp Inc.", including versions with extra spaces, asterisks, or commas. All of them have four-star review averages, presumably thanks to industrial-scale subversion of Play's review system.

30 of 51 comments (clear)

  1. Review process by Exitar · · Score: 1

    Doesn't Google review any app on their store?

    1. Re:Review process by known_coward_69 · · Score: 2

      Why would they? It's all about freedom for developers to upload anything they want.

    2. Re:Review process by Tony+Isaac · · Score: 1

      Yeah, they probably outsource it to India or Russia.

    3. Re:Review process by datavirtue · · Score: 1

      Apple has the same problem.

      --
      I object to power without constructive purpose. --Spock
    4. Re:Review process by TheFakeTimCook · · Score: 1

      Apple has the same problem.

      Really?

      Find me more than a small handful of short-lived instances of nefarious apps (out of millions) that have ever appeared in the Apple App Store.

  2. I don't use nor trust google play by Anonymous Coward · · Score: 2, Informative

    I use, for example: https://f-droid.org/en/packages

    1. Re:I don't use nor trust google play by watermark · · Score: 3, Insightful

      How to download WhatsApp from Fdroid?

    2. Re:I don't use nor trust google play by Skuld-Chan · · Score: 1

      After reading through their FAQ's - I had to use google to find any docs on how to install it. But on a standard google phone - to install it and use it I have to turn off APK signing - which (using irony here) sounds way more secure. Some the features it has as well require root...

      I'm sure if its integrated with the phone's rom its probably fine.

      I have to wonder what the point is though - its more secure because they only allow open source applications on it? Assuming you know how to audit source code for security vulnerabilities I guess its a good thing.

    3. Re:I don't use nor trust google play by Dog-Cow · · Score: 2

      If you think the WhatsApp app is a repackaged website, you need to choke to death on your phone.

    4. Re:I don't use nor trust google play by Khyber · · Score: 1

      At 77 megs it's a fucking lot of bloat for a fucking text routing protocol.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  3. Re:that's some good social justice by rmdingler · · Score: 1, Interesting
    Google isn't the most defensible corporation out there, but, their shit does actually work.

    As a modern day tech giant, they're undoubtedly beholden to several important populist grass roots movements as a matter of course,

    but if you think that changes the mission statement for market share, market share, market share... well, you're missing the value the Googly is willing to place upon appearances for the sake of the greater good.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  4. The star rating system is kind of dumb anyway. by Ichijo · · Score: 1

    If you are rating an app and you have nothing to compare it against, how do you know whether it's a good app? Should you give it the benefit of the doubt and rate it a 5, or should you give it a 3 because you don't know whether it's good (5) or bad (1)?

    A better rating system would make you put two apps of the same type in order from most to least liked, and justify your reasoning for the metamoderators. Then the polling software would use Condorcet or whatever to put all apps of that type in order from most to least liked, weighted by their metamoderation score, and assign each app a percentile ranking.

    I think this would be resistant to boot attacks and create better, more precise ratings.

    --
    Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    1. Re:The star rating system is kind of dumb anyway. by datavirtue · · Score: 2

      Forget starrs or whatever. There needs to be a moderation list like we have on Slashdot. One of the list items could be: "This app is not what it appears to be."

      --
      I object to power without constructive purpose. --Spock
    2. Re:The star rating system is kind of dumb anyway. by NaCh0 · · Score: 1

      If the bots can push a fake app up to 4 stars to obfuscate the 1 star reviews, they can just as easily flood the app with "Best Evah" moderations in the scheme you propose.

    3. Re:The star rating system is kind of dumb anyway. by thegarbz · · Score: 1

      and you have nothing to compare it against

      And what makes you think there's nothing to compare it against? Are you telling me the many millions of apps on the Play Store are all 100% unique in terms of functionality? Have you never abandoned one music player in favour of another?

      Actually what the rating really is is a thumbs up or thumbs down rating with the average number between them a representation of the relative thumbs. Lots of 5 star ratings, no problem lots of 1 star ratings, lots of problems. Just because this doesn't form a detailed review doesn't mean it isn't an incredibly useful system, especially when you can sort ratings by time (a 5 star app suddenly getting lots of 1 star ratings is a bad sign).

    4. Re:The star rating system is kind of dumb anyway. by arth1 · · Score: 1

      And what makes you think there's nothing to compare it against? Are you telling me the many millions of apps on the Play Store are all 100% unique in terms of functionality? Have you never abandoned one music player in favour of another?

      That there are apps to compare against for most apps doesn't mean that the reviewers have something to compare it against.
      Most consumers try something, and if they like it, they'll give it 5 stars. Even worse, they are more likely to rate an app that's new to them than one that they continue to use over a long time.

      When looking at reviews, I discard all 5 star reviews as unreliable, and then subtract 1 and finally multiply by 2.5, and I get a more believable 0-10 score. Similar for scoress on other sites with different numbers - discard the top and normalize to a 0 based scale.

    5. Re:The star rating system is kind of dumb anyway. by thegarbz · · Score: 1

      When looking at reviews, I discard all 5 star reviews as unreliable, and then subtract 1 and finally multiply by 2.5, and I get a more believable 0-10 score.

      You're turning the rating into something it isn't and extracting data that isn't there. Your algorithm also doesn't result in a 0-10 score, just results in rescaling the 0-4 score to 0-7.5 and then by looking only at a portion of the low results you're achieving absolutely nothing.

      Go back, understand how people post, understand that that doesn't make 5 star as unreliable but rather as a key part of the equation, (somehow you managed the former and then concluded the latter which is absurd) and then analyse the data that is given to you.

    6. Re:The star rating system is kind of dumb anyway. by arth1 · · Score: 1

      by looking only at a portion of the low results you're achieving absolutely nothing.

      3 star and 4 star are not low results. In a five star system, 3 is average, i.e. no worse than the average competition, and 4 is better than average.
      2, 3 and 4 star scores are mostly results from people who actually though before submitting, unlike most of the 5 star scores and some of the 1 star scores, which are binary scores.

      IMBD knows this too, and their ranking algorithm takes into account that scores of 10, and to a lesser extent 1, carry far less information useful for ranking[*], and especially when a movie is new.
      [*]: They carry other useful information, like fad trend information or how love and hatred of companies or individuals reflect on products. But for ranking purposes, top scores in particular are too tainted to be of much value.

    7. Re:The star rating system is kind of dumb anyway. by arth1 · · Score: 1

      from people who actually though before submitting

      Which shouldn't be confused with people who actually proofread before submitting.

      Mea culpa.

    8. Re:The star rating system is kind of dumb anyway. by thegarbz · · Score: 1

      3 star and 4 star are not low results.

      To quote someone:

      Most consumers try something, and if they like it, they'll give it 5 stars.

      Before you continue your thoughts, maybe you should come to terms in your own mind about how you think the ratings system works. Or is someone else posting on your behalf? Or maybe split personality disorder?

    9. Re:The star rating system is kind of dumb anyway. by arth1 · · Score: 1

      Maybe it blows your mind that there's no discrepancy between 3 and 4 stars not being low results and 5 stars meaning someone liked it?

  5. Re:that's some good social justice by Anonymous Coward · · Score: 1

    invisible space placed at the end of the developer's name

    their shit "works", huh? with fucking amateurish errors like this? filtering inputs is the first fucking thing you learn, for fucks sake. this is absolutely inexcusable.

    captcha: distrust

  6. Nothing mod-worthy ... by CaptainDork · · Score: 5, Insightful

    I'm carrying ten mod points and there isn't one goddam comment (as of this writing) that's of any value.

    Including mine.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Nothing mod-worthy ... by CaptainDork · · Score: 1

      Because some old dinosaurs who have something worthy to say on the topic exist...

      It's not you or me.

      --
      It little behooves the best of us to comment on the rest of us.
  7. Re:that's some good social justice by datavirtue · · Score: 1

    All of the app stores are crap for this same reason. Users run a search for a popular app and get bombarded with pages of spammy shitty apps with the same or similar name. Apple is trying to address it and Google should do the same. Curate this shit or give the users a serious way to curate the apps so we don't have to see shitty ad-spam make-believe apps that ruin the whole experience. It has come to the point where I will not go to an app store and instead find apps from the marketing sites of actual real software vendors and businesses and I click on the link there.

    --
    I object to power without constructive purpose. --Spock
  8. Re:that's some good social justice by Dog-Cow · · Score: 1

    The GV app for iOS hasn't worked for me in months. Calls never complete.

  9. Subversion? by thegarbz · · Score: 1

    Why would you assume industrial scale subversion in order to get high rankings? If an app is fake and yet works as intended there's no reason to believe that a user won't give it a 5 star rating if they don't notice a problem.

  10. Shocked by Hal_Porter · · Score: 1

    So you're saying Google, an ad company which doesn't seem to employ any actual humans you can talk to isn't doing a good job of removing fake apps which only show ads?

    I'm shocked!

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  11. Re:that's some good social justice by Hal_Porter · · Score: 1

    As a modern day tech giant, they're undoubtedly beholden to several important populist grass roots movements as a matter of course

    And you know they're important because Google promotes people saying they're important to the top of the search results and removes videos critical of them from YouTube.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  12. Great News by freerechargefield · · Score: 1

    Whatsapp Is most popular app in India. So Nice To here that.