Fake Samsung firmware update app dupes over 10,000,000 users

Over 10 million Android users have been tricked into downloading a fake Samsung app called ‘Updates for Samsung’ that promises constant firmware updates. In reality, all it does is redirect users to an ad-filled website that charges for firmware downloads.

As per a report by ZDNet, Aleksejs Kuprins, malware analyst at the CSIS Security Group, said, “I have contacted the Google Play Store and asked them to consider removing this app.”

The app exploits users’ trust by taking advantage of how difficult it is to obtain firmware and OS updates for Samsung smartphones, which explains the vast number of people who have installed it. The researcher says, “It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device. Vendors frequently bundle their Android OS builds with an intimidating number of software, and it can easily get confusing. A user can feel a bit lost about the [system] update procedure. Hence can make a mistake of going to the official application store to look for a system update.”

The ‘Updates for Samsung’ app claims to solve this problem for non-technical users by providing an all-in-one location where Samsung owners can download firmware and OS updates. However, according to Kuprins, this is a trap. The app has no official tie-up with Samsung and only loads the update(.)com domain in an Android browser. Searching through the numerous app reviews, you can see countless users complaining that the website is ad-infested and that most of them cannot find what they are looking for; and that is only when the app works and does not crash.

ZDNet reports, “The site does offer both free and paid (legitimate) Samsung firmware updates, but after digging through the app’s source code, Kuprins said the website limits the speed of free downloads to 56 KBps, and some free firmware downloads eventually end up timing out.” Kuprins states, “During our tests, we too have observed that the downloads don’t finish, even when using a reliable network.” By crashing all of its free downloads, the developers of the app force people to shell out USD 34.99 for a premium package to download any files.

The issue here is that the app violates Play Store rules by using its own payment platform rather than the one provided by the official store. This poses a threat to users: their payment data may be intercepted or logged by third-party sites rather than being encrypted by Google’s secure and protected payment channel. The app also offers a USD 19.99 SIM card unlocking service, but it is not yet known whether it functions as intended or is just another scam.

ZDNet states, “All in all, the app is not malware in the traditional meaning of the word, as it does not perform any malicious actions on the user’s behalf, or without his consent. The better words for its mode of operation are “scam,” “fraudulent,” or “adware.””

Kuprins tells ZDNet, “I haven’t found the app to perform anything malicious on the device. However, when the app is open, it does display a lot of full-screen advertisements, almost after every other tap on the screen.”

Kuprins found this app when he queried the Play Store for the word ‘update’, expecting to come across some malicious apps. The ‘Updates for Samsung’ app stands out from the crowd because of the number of installs it has. With over 10 million installs, this is exactly the kind of app Google needs to disable.
