A 17-year-old scam artist allegedly ripped off 10,000 people who purchased a fake anti-virus app.
His app made it to number one on the Google Play Store Top New Paid Android Apps page, before it was taken down last Sunday, 6 April 2014.
The Virus Shield app cost $3.99 and claimed to be a scanner that protected Android devices from viruses, while promising to never annoy users with pop-up ads found on many free apps.
Sounds like a good reason to pay four dollars for an app, right?
Well, a blogger for the website Android Police bought the app from the Play Store and discovered that Virus Shield had no anti-virus functionality whatsoever, and didn’t do anything like it claimed.
The app was uploaded to Play Store on 28 March 2014 and in one week Virus Shield amassed more than 10,000 downloads and 1,600 recommendations, surging to the top of Google Play’s new apps, according to media reports.
But almost immediately after Android Police posted a story exposing the app on 6 April 2014, the fake anti-virus app was taken down from the Play Store without explanation, and the developer’s account was suspended.
SophosLabs added malware detection for Virus Shield as Andr/Vshield-A, so people using our Sophos Mobile Security app for Android and Sophos business products are protected.
SophosLabs threat researcher Vanja Svajcer analyzed Virus Shield and showed us how the app deceived users into thinking they were getting anti-virus protection.
The app allows the user to toggle the shield icon, which shows an “X” that changes to a check-mark in the main activity area.
When launched, the app displays a fake scanning progress in the notification bar, just so it looks as though the app is doing something.
According to a report on DailyTech, this brazen scam was pulled off by a 17-year-old from Texas whose real name is Jesse Carter, but who had been scamming under screen names such as Deviant.
Virus Shield’s developer account on Google Play was listed as “Deviant Solutions.”
Unfortunately for the victims of the fraud, Google’s Play Store refund policy only covers the first 15 minutes after you download the app – after that, Google tells you to contact the developer directly to ask for your money back.
I think this would be a good case for Google to have some sympathy for the people who got scammed – and refund the victims their money.
Play Store policing and policies
Google removes fraudulent apps from the Play Store from time to time, for example a fake version of the popular game Plants vs. Zombies that served up adware, and unofficial versions of apps by Apple and BlackBerry that climbed the charts for weeks before Google took them down.
Virus Shield’s quick-and-dirty success shows that fake anti-virus, which has for years been a successful revenue source for cyber criminals targeting Windows users, is going to be a menace for Android users as well.
Researchers recently discovered two popular apps on Google Play that were secretly compomising Androids to mine for cryptocurrencies like Bitcoin, Litecoin and Dogecoin.
And a Google Glass app that contained hidden spyware was uploaded by two undergrad researchers to Google Play before Google discovered it.
Google’s defense against malicious apps is a program called Bouncer, which has done a fairly decent job of blocking the fraudulent or otherwise malicious apps that have become rampant in non-Google app markets.
As the variety and number of malicious apps continues to grow, Google has to keep up.
On 28 March 2014, Google announced updates to its app developer policies for the Play Store that introduce new rules against misleading advertising and app descriptions, which will hopefully cut down on the amount of adware.
That’s a good thing, although it will be tricky to regulate ad affiliate networks – app vendors can point the finger at their advertising partners.
Play Store is never going to be perfect – so it seems like Android users need to be a little more proactive when researching apps and look closely at the reputation of developers.