An app that promised software updates to Samsung phone users has reportedly duped over 10 million users. The app, earlier available in the Google Play store, was called Updates for Samsung – Android Update Versions. This app had nothing to do with Samsung or Samsung phones. But once a user installed it, believing it to be an official Samsung app for software and firmware updates, it served that user ads and, in many cases, asked for a fee before an update could be downloaded.
Aleksejs Kuprins, malware analyst at the CSIS Security Group, told ZDNet, “I have contacted the Google Play Store and asked them to consider removing this app.” Apparently, Google has acted on the request made by Kuprins because the app is no longer available.
It also means that if you are using any such app — see the name again, it is called Updates for Samsung – Android Update Versions — you should immediately uninstall it.
“It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device,” said the security researcher. “Vendors frequently bundle their Android OS builds with an intimidating number of software, and it can easily get confusing. A user can feel a bit lost about the (system) update procedure. Hence can make a mistake of going to the official application store to look for system update.”
Kuprins confirms that this app has no affiliation with Samsung. Updates for Samsung is nothing more than an ad-filled website to trick people. If you go by the review section of the app, you can see users complaining about it. Kuprins confirms, “During our tests, we too have observed that the downloads don’t finish, even when using a reliable network.”
The fake application claimed that it would provide users with free as well as paid Samsung firmware updates. It is important to note that there are no paid firmware or OS updates from Samsung for people who use its phones. All official Samsung updates are free.
After going through the app’s source code, Kuprins said that the app limited the speed of free downloads and eventually showed Time-Out, forcing people to pay for a feature it wasn’t even offering. Also, after crashing the free downloads, Updates for Samsung reportedly pushed users to purchase a $34.99 (Rs 2,400 approximately) package to resume downloads.
Thankfully, the app limited itself to showing ads and extorting money from unsuspecting users. It didn’t install any virus on the phone or steal private data from users.
“I haven’t found the app to perform anything malicious on the device,” Kuprins said. “However, when the app is open – it does display a lot of full-screen advertisements, almost after every other tap on the screen.”