A fake WhatsApp app bypassed Google's Play Store checks and was
downloaded 1 million times.
Android users were tricked by a convincing fake
WhatsApp app listing in the official Google Play Store, but one expert said
this incident shouldn't take away from confidence in the safety of the Play
Store.
The issue was first revealed on the r/Android subreddit and showed a fake WhatsApp app listing in
the Google
Play Storethat had the
developer name appearing to be the real WhatsApp Inc. Redditor "E_x_Lnc"
first posted about the fake listing, noting it used a Unicode character that mimicked a blank space
after the name in order to bypass Google's malware scanner and was invisible
unless someone looked at the code itself.
There were some minor red flags on the fake WhatsApp app
listing that redditors pointed out though. First,
while 1 million downloads may seem impressive, the real WhatsApp has been
downloaded more than 1 billion times. The fake WhatsApp app listing also
contained the tag claiming the app contained ads, which the real app does not.
Finally, the real WhatsApp listing bears the "Verified by Play
Protect"
branding from Google.
