It is still available in the official Google Play store.
Over 10 million users have installed an application called Updates for Samsung on their Android-smartphones, which allegedly offers firmware updates. In fact, it is an “advertising farm”. This was noticed by CSIS, which deals with cybersecurity.
According to the CSIS report, the application after installation simply opens the website of the Updato.com blog with a lot of advertisements that can be removed by paying $ 12 . The application also has a tab with unofficial software updates, which supposedly can be downloaded.
Initially, the application offers to download the firmware with a limited download speed, but for free. CSIS employees did not manage to do this, because the download was interrupted at some point, even using a reliable and stable network. The company believes that the fake application developers are trying to force users to purchase the paid version for $ 35 a year .
According to the researchers, even if someone decided to pay for downloading the update without a speed limit, the application does not pay via the official Google Play method, but requests information about the user’s credit card and sends it to Updato.com.
Updates from Samsung, among other things, offers a paid opportunity to unlock a SIM card for any network operator starting at $ 19.99 . But CSIS did not test this feature.
CSIS employee Alexei Kuprins believes that Android users could easily believe that updates should be downloaded through the market, so they installed the fake application without suspecting that it was an “advertising farm”. He and The Next Web asked Google to remove the application from the market.
The researcher recalled that such fake Android applications can not only deceive users, but also put their privacy at risk by collecting data on their activity.