Sophos Cloud Optix
A 17-year-old scam artist allegedly ripped off 10,000 people who purchased a fake anti-virus app.
His app made it to number one on the Google Play Store Top New Paid Android Apps page, before it was taken down last Sunday, 6 April 2014.
The Virus Shield app cost $3.99 and claimed to be a scanner that protected Android devices from viruses, while promising to never annoy users with pop-up ads found on many free apps.
Sounds like a good reason to pay four dollars for an app, right?
Well, a blogger for the website Android Police bought the app from the Play Store and discovered that Virus Shield had no anti-virus functionality whatsoever, and didn’t do anything like it claimed.
The app was uploaded to Play Store on 28 March 2014 and in one week Virus Shield amassed more than 10,000 downloads and 1,600 recommendations, surging to the top of Google Play’s new apps, according to media reports.
But almost immediately after Android Police posted a story exposing the app on 6 April 2014, the fake anti-virus app was taken down from the Play Store without explanation, and the developer’s account was suspended.
SophosLabs added malware detection for Virus Shield as Andr/Vshield-A, so people using our Sophos Mobile Security app for Android and Sophos business products are protected.
SophosLabs threat researcher Vanja Svajcer analyzed Virus Shield and showed us how the app deceived users into thinking they were getting anti-virus protection.
The app allows the user to toggle the shield icon, which shows an “X” that changes to a check-mark in the main activity area.
When launched, the app displays a fake scanning progress in the notification bar, just so it looks as though the app is doing something.
According to a report on DailyTech, this brazen scam was pulled off by a 17-year-old from Texas whose real name is Jesse Carter, but who had been scamming under screen names such as Deviant.
Virus Shield’s developer account on Google Play was listed as “Deviant Solutions.”
Unfortunately for the victims of the fraud, Google’s Play Store refund policy only covers the first 15 minutes after you download the app – after that, Google tells you to contact the developer directly to ask for your money back.
I think this would be a good case for Google to have some sympathy for the people who got scammed – and refund the victims their money.
Play Store policing and policies
Google removes fraudulent apps from the Play Store from time to time, for example a fake version of the popular game Plants vs. Zombies that served up adware, and unofficial versions of apps by Apple and BlackBerry that climbed the charts for weeks before Google took them down.
Virus Shield’s quick-and-dirty success shows that fake anti-virus, which has for years been a successful revenue source for cyber criminals targeting Windows users, is going to be a menace for Android users as well.
Fake anti-virus apps have appeared in unregulated alternative Android markets before, and Google has struggled to keep bad apps out of the Play Store.
Researchers recently discovered two popular apps on Google Play that were secretly compromising Androids to mine for cryptocurrencies like Bitcoin, Litecoin and Dogecoin.
And a Google Glass app that contained hidden spyware was uploaded by two graduate researchers to Google Play before Google discovered it.
Google’s defense against malicious apps is a program called Bouncer, which has done a fairly decent job of blocking the fraudulent or otherwise malicious apps that have become rampant in non-Google app markets.
As the variety and number of malicious apps continues to grow, Google has to keep up.
On 28 March 2014, Google announced updates to its app developer policies for the Play Store that introduce new rules against misleading advertising and app descriptions, which will hopefully cut down on the amount of adware.
That’s a good thing, although it will be tricky to regulate ad affiliate networks – app vendors can point the finger at their advertising partners.
Play Store is never going to be perfect – so it seems like Android users need to be a little more proactive when researching apps and look closely at the reputation of developers.
Screenshot of Play Store with Virus Shield courtesy of Android Police.
You can always contact the Play Store to get a refund, even after the 15 minutes window. Or you can go to “My Orders” section of the Play Store (under the gear icon). Then hover over the corresponding app and a small gear icon all appear. Click that and click “Report a problem.” Choose “refund app” from the drop down menu.
Thank you, that is correct. However, in the Cancellation/Return policies, Google makes no promises of a refund after the 15 minute window.
The approval process in Apples app store can be painfully slow, but it seems their vetting process is much more thorough than Googles.
Apple uses a “walled garden” app store, which makes it more secure but less open than Play … a good trade-off do you think?
He’s not 17.
According to the DailyTech.com article I cited, this guy could be 17, but they also reported he claimed to be 22.
DailyTech’s article is here: http://www.dailytech.com/Texas+17Year+Old+Scams+Thousands+of+Android+Users+With+Fake+AV+App/article34668.htm
Did the guy get away with $50K? good for him! not
Will he be asked to repay back his profits from his fake application, or will this be a huge OK from google that scam apps are fine as long as they don’t find out for the first 15 minutes?
I have a feeling law enforcement authorities will be interested in more than asking.
Sophos for android has no ads and runs automatic scans and has theft protection and has everything i would want on my antivirus anywhere ever. I don’t understand why people feel the need to download applications from untrusted sources (developers not widely known). They’re basically asking to get screwed. I blame the users that are not careful about what they download and who they get it from.
“SophosLabs added malware detection for Virus Shield as Andr/Vshield-A, so people using our Sophos Mobile Security app for Android and Sophos business products are protected.”
Sophos only took action after the app/developer was closed down. Meaning if another app comes along and bypasses Googles review systems Sophos Mobile protection is of little use?
Depends on the timing, I suppose.
I propose that Google should enforce payback and should start legal procedures against robbers and thieves like the one quoted above. That “boy” should not get away with a major crime like this robbery. Others will be scared off by the risk in Google play and make for greater confidence in Google Play by users. It is otherwise making hacking and theft a reputable living and aiding and abetting cyber crime. .
Google Play should require the reason for all access types of a new app, Android should refuse an app access to any user data and system protected functions, (say the contacts list, permission to change permissions to Android or user data), in the install and running phases.
E.g. If a game requires access to contacts list, photos, documents, other user data access, it should not be allowed to be distributed on Google Play, effectively placing it on a blacklist. The user has no real control over access to which parts can be blocked out of the access list quoted during installation.
Otherwise Sophos should offer a facility during and after installation of applications. Then I would be the first to obtain Sophos. That would be a much better function than plain virus protection. But it will surely require a major intervention in Android system functions and design.
Better if Android does it.
Yes, it would require a “major intervention” (a good choice of words!) that would need redesigning every time Android’s internals changed.
Also, Android 6 supports this way of working now, following in the footsteps of Apple’s iOs.