In a damning report, cybersecurity firm Symantec has revealed that the Google Play store has become a haven for fake apps. Popular telecommunications company Jio which has several apps available for download via the Play Store is among the worst affected. Jio’s original apps have to often battle it out against more than 150 other fake apps that claim to be from Jio.
Most of these fake apps claim to offer free data – ranging anywhere from 25GB to 125GB – to users who install them and follow a few steps. What is more disconcerting is that between January and June 2019, more than 39,000 people had installed these apps on their phones. Most of these apps, according to Symantec, use logos, UI elements, and fonts that are near-identical to the ones used by Jio on their official apps. To make matters worse, the names of these apps have names like ‘Jio 4G Offers’, ‘Jio Prime’ and so on, which makes it very difficult for laymen to even realize that he is looking at a fake app.
The Symantec report also details how most of these apps function. Many of these apps ask users for their mobile numbers upfront so that the so-called free data offer can be activated on the number. Gullible users easily give in, and the result is that the developers of these apps have access to the phone numbers of a large number of people. Once a person enters his mobile numbers, most of these apps take users to a screen which says it is connecting to Jio Servers. Needless to say, nothing of that sort actually happens. Symantec dug deep into the source code of these apps, which confirmed that no actual connections were made to Jio servers.
Upon completion of this part, most of these apps users to perform a couple of other tasks to ‘activate’ the free data offer. This bit usually involves sharing the app link to 10 or more people on WhatsApp. There were some apps that asked users to like the developer’s Instagram page! Some apps sent SMS messages with links to malicious apps without asking for consent from users. The prime reason you see these apps on the Play Store is that these developers wish to earn ad revenue from them. To do this, the developers ask people to click on the display ads to ‘unlock the free data offer”. This usually results in an infinite loop of web pages opening on the device.
Google it seems is yet to take any stringent action against the developers of such apps. While there have been instances in the past where they performed a mass culling of fake apps, most of these apps eventually return to the Play store under a new name. It remains to be seen whether Google plans to make changes to its approval process to prevent such apps from ending up on the Play Store, which is used by millions of unsuspecting users.