Update (July 9, 2019): A Google spokesperson said the app violates Play Store guidelines, and the company has removed the app:
We confirmed that the app violated its policies and has been suspended. Providing a safe and secure experience is a top priority and our Google Play developer policies strictly prohibit apps that are deceptive, malicious, or intended to abuse or misuse any network, device, or personal data. When violations are found, we take action.
In recent months, we’ve seen quite a few reports of the Google Play Store hosting counterfeit apps that are designed to dupe users and earn money through ad farms. In the latest reveal, CSIS Security Group’s report suggests that a fake app – promising updates for Samsung phones – has been installed by over 10 million users.
The app, named ‘Updates for Samsung,’ promised users Android firmware updates, but once installed, it redirected them to an ad farm that charged money for downloading the update.
Sadly, the app is still live on the Play Store, and security researcher Aleksejs Kuprins said he contacted Google to take it down. We’ve also contacted the company to learn more, and we’ll update the post accordingly.
CSIS’s report noted that, apart from showing ads, the app offered an annual subscription to download Samsung firmware for $34.99. However, the payment wasn’t handled through Google Play subscriptions. You simply had to put down your credit card number and trust the site. Plus, the counterfeit app also claimed to unlock any SIM for $19.99.
Bogus Android apps like this can not only swindle you out of your money, but also potentially put your privacy at risk by collecting data. Google needs to step up its game in policing the Play Store to weed out this garbage, and fast.