Fake WhatsApp App Downloaded 1 Million Times

An anonymous reader quotes Fortune: Reddit users yesterday spotted an extremely convincing spoofed copy of the popular WhatsApp messenger on Google Play. The fake was downloaded by more than 1 million users, who instead of a messaging tool wound up with a bundle of ads... The fake WhatsApp was nearly indistinguishable from the real thing thanks to an invisible space placed at the end of the developer's name.

One of the security hounds discussing the case on Reddit pointed out that this was not an isolated incident, even for WhatsApp. A search for "WhatsApp" on Google Play currently shows no fewer than seven spoof apps using slight variations on the developer name "WhatsApp Inc.", including versions with extra spaces, asterisks, or commas. All of them have four-star review averages, presumably thanks to industrial-scale subversion of Play's review system.

I don't use nor trust google play

I use, for example: https://f-droid.org/en/packages

Re:I don't use nor trust google play

[watermark]

How to download WhatsApp from Fdroid?

Re:I don't use nor trust google play

[Dog-Cow]

If you think the WhatsApp app is a repackaged website, you need to choke to death on your phone.

Re:Review process

[known_coward_69]

Why would they? It's all about freedom for developers to upload anything they want.

Nothing mod-worthy ...

[CaptainDork]

I'm carrying ten mod points and there isn't one goddam comment (as of this writing) that's of any value.

Including mine.

Re:The star rating system is kind of dumb anyway.

[datavirtue]

Forget starrs or whatever. There needs to be a moderation list like we have on Slashdot. One of the list items could be: "This app is not what it appears to be."