Fake WhatsApp App Downloaded Over 1 Million Times
Phony WhatsApp is the latest Google Play store problem
If you recently downloaded the Android version of WhatsApp from the Google Play marketplace, you might want to be sure it's the real thing.
Redditors on Friday discovered that a fake WhatsApp program available in Google Play had been downloaded more than 1 million times before Google took it down. The app, officially known as Update WhatsApp Messenger, had a Google Play page with the same look and feel as the real Facebook-owned WhatsApp.
- Antivirus Software Buying Guide
- How to Protect Your Identity, Personal Data and Property
- Just in: How to get WhatsApp Dark Mode
It was even developed by someone who chose the name "WhatsApp Inc.," to make people think it was a legitimate program. (The developer name added a couple of invisible characters after "Inc.," thus fooling Google's not-so-intelligent "machine intelligence" app screener.)
When users booted up the app, they found a chatting interface. However, the real focus was on serving those users ads. That in itself is more annoying than dangerous, although the app's code could have been tweaked to inject malware directly or lead users to websites that might try to do the same.
MORE: Best Android Antivirus - Top Free and Paid Mobile Security
According to one Redditor who took apart the app, it ditches the title and icon to try "to hide itself" and keep attracting users.
Facebook's WhatsApp, with a purported 1 billion daily active users, is one of the most popular chatting applications in the world, allowing users to send everything from text and video to audio to others. WhatsApp also includes encryption technology to allow users to communicate with other people without worrying too much about an unauthorized person peering in to see what the discussion is about.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
How to Avoid Fake Apps
When looking at any app listing on Google Play, be sure to see if the name matches the actual name of the app. If there's an extra word or character tossed in, chances are it's not the real thing.
You might also want to read the app description to ensure it lists the features you'd expect. Some of the fake apps also have fake icons, which can be a giveaway. If you know an app should cost something, but you see it listed as free, be very suspicious.
One of the best ways to ensure authenticity is to just to go to the website for the app developer and click on the Google Play download link there. Most developers deliver you right to the correct page on Google Play.
In the event you mistakenly download a malicious app, delete it immediately, report it to Google and consider writing a negative review on the Google Play page to alert other users. App reviews are often times a good place to determine whether an app is real or not.
You should also make sure "unknown sources" is turned off as a download source in your Android device's security settings. This restricts you to the Google Play store; it's arguably an unfair restriction as Amazon's Android app store is just as safe, but it prevents dodgy websites from trying to install apps on your phone.
Part of a Bigger Issue
The fake WhatsApp app is bad enough, but it highlights a bigger problem in the Google Play marketplace.
Security expert Kevin Beaumont on Sunday shared a screenshot on Twitter showing a simple search for "whatsapp" in Google Play. The results returned a slew of apps that appear to come from Facebook and WhatsApp but are actually fakes aimed at scamming users.
"This is a small number of the WhatsApp apps," Beaumont tweeted.
He added that only one of those in the lineup isn't malware or fake. How or why all those fakes got past Google's much-ballyhooed Bouncer app screener is something that Google needs to answer.
Untill Google gets its act together and hires humans to start screening Android apps, it's best to run third-party Android antivirus apps. (The built-in Google Play Protect is simply not ready for prime time.)
As this phony WhatsApp app has been removed from Google Play, we can't tell you whether any antivirus app would have blocked it. But in general, third-party Android security apps have less tolerance for dodgy behavior than Google itself does.
Oh, and even if you are using the real version of the app, you should check out our How to Update WhatsApp guide to keep the program safe from malicious attacks.
Best Android Antivirus Software
Best Paid Option
You'll have to pay $15 per year for Bitdefender Mobile Security, but its excellent malware protection and intuitive user interface make it well worth paying for.
Best Freemium Option
Norton Mobile Security may seem pricey, but its excellent protection, multidevice license and unique privacy features make it a worthwhile investment.
Don Reisinger is CEO and founder of D2 Tech Agency. A communications strategist, consultant, and copywriter, Don has also written for many leading technology and business publications including CNET, Fortune Magazine, The New York Times, Forbes, Computerworld, Digital Trends, TechCrunch and Slashgear. He has also written for Tom's Guide for many years, contributing hundreds of articles on everything from phones to games to streaming and smart home.