You’d think that a fake of an app as popular as WhatsApp would be difficult to get pass the safety layers that Google has in place for apps that aim to be listed on the Play Store. Bad actors have long been able to get malicious apps on the Google Play Store despite all of the company’s attempts to rid its app store of the problem. It doesn’t help its case when someone gets a fake WhatsApp listed on the Google Play Store. Not only was the app listed, it was also downloaded by over one million unsuspecting users.
The app is called Update WhatsApp Messenger and the app’s developer pretended to be the official Facebook-owned service with the developer title “WhatsApp Inc.” That’s the very same title that the real WhatsApp uses on the Play Store.
The developer was able to get away with this by adding a Unicode character space after the title. In reality, this is what the title actually is with the hidden character space: WhatsApp+Inc%C2%A0. This allowed the fake title to appear the same as the real one.
Those who downloaded the app found that it wasn’t WhatsApp but one that displayed ads to download other apps. It required minimal permissions so those who uninstalled it unknowingly might not have had their data stolen (fingers crossed).
The fake WhatsApp app has now been removed by Google from the Play Store. However, it shows yet again that the company needs to do more in order to prevent such malicious apps from finding their way on to the Play Store.