We missed this earlier

Cybersecurity firm Symantec has found 152 fake Android apps masquerading as apps from Reliance Jio. The firm found that these apps had 21 different package names and claimed to offer free daily data of 25 GB or 125 GB with a validity ranging from one day to a year. However, it noted that these extravagant claims were made only to generate advertising revenue for the developers of these apps. Symantec also found that between January and June this year, these fake apps were installed on more than 39,000 mobile devices, most of them in India. While the offers available on these apps were found to vary, the firm said that there were a few commonalities in how these apps could potentially trick users:

  • Similar app icons and UI: These malicious apps have logos similar to that of the MyJio app. App names are generally variations of the original app's name, such as Jio 4G offers and Jio Prime. The firm said that the similar appearance alone can trick users into downloading one of these malicious apps. The similarities don’t end at the app icon: Symantec noted that the user-interface (UI) screen of these malicious apps is also very similar to that of the original MyJio app.
  • False progress: Users are asked to fill in their mobile numbers so that the free data offer can be activated on the number. Symantec found that regardless of the validity of the number, the app takes the user to a screen that says it’s connecting to Jio servers. However, the app’s source code showed that no real connections or processing were taking place, and a sleep timer was added to extend the time the spinner stays onscreen. Following this exercise, users get a message that their number is eligible to receive the offer, after they follow some more instructions to activate it. This way, the app successfully tricks users into believing that they are just one step away from winning the free data.
  • Share the app: As part of the activation process, some apps asked users to share the app with 10 WhatsApp contacts, while other variants asked them to follow the developer’s Instagram account or a Telegram group (which are listed in the app). More problematically, certain variations of these apps didn’t even ask users for consent and sent SMS messages containing a link to download the malicious app to the users’ contacts.
  • Advertisements: The final ploy that these apps use is to display advertisements – users are asked to click on an advertisement to unlock the offer. Some apps also opened advertisement web pages non-stop, resulting in an infinite loop of web pages opening up on the device.

Fake apps run rampant on Play Store

We reported in June that a two-year-long cybersecurity study found that there were at least 2,040 counterfeit apps on Google Play Store. Also:

In February, Google had removed about 57 fake apps from the Play Store after security firm Quick Heal said that the apps did not have any legitimate functionality. Apps such as Credit Card Process and Home Loan Advisor appeared genuine on the basis of their description but did not function the way they were supposed to upon downloading. The security company claimed that the apps were mainly developed to earn money by showing ads.

In January, malware researcher Lukas Stefanko spotted 15 GPS-based apps in the Google Play store which were duping Android users and earning money from them. Some apps, including GPS Route Finder, GPS Live Street Maps and Maps GPS Navigation, did not provide any service of their own to the users but used Google Maps or its API to display ads. Some of the apps also sought permission to access users’ contacts, messages and call logs.