We have all experienced this, you are looking for an app on the official Android app store, the Play Store. You search for the app and the results show multiple apps with small variations in their names and icons. You have to be a ninja to know which one to download, much like it is on Windows sometimes.
For some it might be easier to figure out which app is the official one and which ones are clones but that’s not the case for everyone, apparently.
There was an app on the Play Store called Update WhatsApp Messenger and some might be familiar with it as it was downloaded over one million times. The app as you would probably guess just from the name was not officially from WhatsApp Inc. but it did enough to fool over a million people.
What the developer did to achieve that is so simple that Google should be ashamed of its security measures. The developer managed to get the same developer title as WhatsApp Inc. How, you ask? How can a developer have the same developer title as another, of a big developer at that?
The developer successfully pretended to be the actual WhatsApp Inc. developer by adding a Unicode character space after the name. This meant that the computer read it as WhatsApp+Inc%C2%A0 but to the user it would appear only as WhatsApp Inc.
So with the app appearing to be from WhatsApp Inc. users proceeded to download it over one million times. The app did not do much or require too many permissions as it only served ads. There however was code to download another apk and that one could have had more malicious intentions.
The fake WhatsApp was finally removed by Google from the Play Store on the 4th of November. However if you search for WhatsApp on the Play Store you will see so many fake apps that you would probably know to be fake but again, those apps are getting downloads.
There was yet another one claiming to be WhatsApp Business and had garnered over 5000 installs before they changed the app’s name to Update WhatsApp (see the trend, these guys are targeting people as they try to update their WhatsApp.) WhatsApp Business is not yet available to the public and so the app is obviously fake.
How do you make sure you are not fooled by these fake WhatsApp apps?
- Find the official WhatsApp here.
- The first step is to make sure the app is called WhatsApp Messenger. Just that and no variations. No ZapApp Messenger, WhasAp Mesenger or any such.
- The second step is the one which was circumvented by the above-mentioned developer but as far as we know that developer was the only one able to obtain the same developer title as WhatsApp Inc. In any case make sure the developer title is WhatsApp Inc. as most of the fake ones have slight variations to that title.
- Make sure the app has over 1 (one) billion installs on the Play Store.
- Read the reviews. If some of those who downloaded the Update WhatsApp Messenger app had read the reviews they would have seen that it was a fake.
- If you already have WhatsApp installed on your phone, you do not need to download another app to update it. When you visit the Play Store with the intention to update the app, simply slide out the hamburger menu and tap on My apps & games. Once there scroll the list of apps with available updates to find WhatsApp Messenger and tap on Update and you are good to go. If data allows, we advise that you update all the apps to stay safe and ensure your Android keeps running as fast as possible.
In all this let us remember not to be naive on the internet. There are hackers trying to get our hard earned bond notes and some like the Joker, just want to watch the world burn.