Google takes down fake anti-virus app that duped 10,000 users on Play Store

Filed Under: Android, Featured, Google, Mobile

fake stampA 17-year-old scam artist allegedly ripped off 10,000 people who purchased a fake anti-virus app.

His app made it to number one on the Google Play Store Top New Paid Android Apps page, before it was taken down last Sunday, 6 April 2014.

The Virus Shield app cost $3.99 and claimed to be a scanner that protected Android devices from viruses, while promising to never annoy users with pop-up ads found on many free apps.

Sounds like a good reason to pay four dollars for an app, right?

Well, a blogger for the website Android Police bought the app from the Play Store and discovered that Virus Shield had no anti-virus functionality whatsoever, and didn't do anything like it claimed.

The app was uploaded to Play Store on 28 March 2014 and in one week Virus Shield amassed more than 10,000 downloads and 1,600 recommendations, surging to the top of Google Play's new apps, according to media reports.

But almost immediately after Android Police posted a story exposing the app on 6 April 2014, the fake anti-virus app was taken down from the Play Store without explanation, and the developer's account was suspended.

Play Store screenshot of Virus Shield courtesy of Android Police

SophosLabs added malware detection for Virus Shield as Andr/Vshield-A, so people using our Sophos Mobile Security app for Android and Sophos business products are protected.

SophosLabs threat researcher Vanja Svajcer analyzed Virus Shield and showed us how the app deceived users into thinking they were getting anti-virus protection.

The app allows the user to toggle the shield icon, which shows an "X" that changes to a check-mark in the main activity area.


When launched, the app displays a fake scanning progress in the notification bar, just so it looks as though the app is doing something.


According to a report on DailyTech, this brazen scam was pulled off by a 17-year-old from Texas whose real name is Jesse Carter, but who had been scamming under screen names such as Deviant.

Virus Shield's developer account on Google Play was listed as "Deviant Solutions."

Unfortunately for the victims of the fraud, Google's Play Store refund policy only covers the first 15 minutes after you download the app - after that, Google tells you to contact the developer directly to ask for your money back.

I think this would be a good case for Google to have some sympathy for the people who got scammed - and refund the victims their money.

Play Store policing and policies

Google removes fraudulent apps from the Play Store from time to time, for example a fake version of the popular game Plants vs. Zombies that served up adware, and unofficial versions of apps by Apple and BlackBerry that climbed the charts for weeks before Google took them down.

Virus Shield's quick-and-dirty success shows that fake anti-virus, which has for years been a successful revenue source for cyber criminals targeting Windows users, is going to be a menace for Android users as well.

Fake anti-virus apps have appeared in unregulated alternative Android markets before, and Google has struggled to keep bad apps out of the Play Store.

Researchers recently discovered two popular apps on Google Play that were secretly compromising Androids to mine for cryptocurrencies like Bitcoin, Litecoin and Dogecoin.

And a Google Glass app that contained hidden spyware was uploaded by two graduate researchers to Google Play before Google discovered it.

Google's defense against malicious apps is a program called Bouncer, which has done a fairly decent job of blocking the fraudulent or otherwise malicious apps that have become rampant in non-Google app markets.

As the variety and number of malicious apps continues to grow, Google has to keep up.

On 28 March 2014, Google announced updates to its app developer policies for the Play Store that introduce new rules against misleading advertising and app descriptions, which will hopefully cut down on the amount of adware.

That's a good thing, although it will be tricky to regulate ad affiliate networks - app vendors can point the finger at their advertising partners.

Play Store is never going to be perfect - so it seems like Android users need to be a little more proactive when researching apps and look closely at the reputation of developers.



Screenshot of Play Store with Virus Shield courtesy of Android Police.

, , , , ,

You might like

11 Responses to Google takes down fake anti-virus app that duped 10,000 users on Play Store

  1. You can always contact the Play Store to get a refund, even after the 15 minutes window. Or you can go to "My Orders" section of the Play Store (under the gear icon). Then hover over the corresponding app and a small gear icon all appear. Click that and click "Report a problem." Choose "refund app" from the drop down menu.

    • John Zorabedian · 354 days ago

      Thank you, that is correct. However, in the Cancellation/Return policies, Google makes no promises of a refund after the 15 minute window.

  2. cdoggyd · 354 days ago

    The approval process in Apples app store can be painfully slow, but it seems their vetting process is much more thorough than Googles.

    • John Zorabedian · 354 days ago

      Apple uses a "walled garden" app store, which makes it more secure but less open than Play ... a good trade-off do you think?

  3. Drew · 353 days ago

    He's not 17.

  4. goat · 353 days ago

    Will he be asked to repay back his profits from his fake application, or will this be a huge OK from google that scam apps are fine as long as they don't find out for the first 15 minutes?

    • John Zorabedian · 352 days ago

      I have a feeling law enforcement authorities will be interested in more than asking.

  5. sudochop · 346 days ago

    Sophos for android has no ads and runs automatic scans and has theft protection and has everything i would want on my antivirus anywhere ever. I don't understand why people feel the need to download applications from untrusted sources (developers not widely known). They're basically asking to get screwed. I blame the users that are not careful about what they download and who they get it from.

    • Bonga86 · 263 days ago

      "SophosLabs added malware detection for Virus Shield as Andr/Vshield-A, so people using our Sophos Mobile Security app for Android and Sophos business products are protected."

      Sophos only took action after the app/developer was closed down. Meaning if another app comes along and bypasses Googles review systems Sophos Mobile protection is of little use?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Zorabedian is a blogger, copywriter and editor at Sophos. He has a background in journalism, writing about technology, business, politics and culture. He lives and works in the Boston area.