06
Apr
unnamed (1)
Last Updated: April 10th, 2014

Computer security is important, even if the computer in question fits in your hand. There should be no doubt about that fact. However, you should be just as wary of security software as any other app. Case in point: there's a slick new app in the Play Store called Virus Shield. It's got a cool look and it's easy to operate. Just press a single button and your virus shield is activated.

sNYflC7

For a new app, and especially one that costs $3.99, it's doing phenomenally well. Appbrain says it's been available for just over a week, and it's currently the #1 new paid app...

VYQMVqW

gbNd46b

The #3 overall paid app...

EjntIvQ

And it's got an impressive 4.7-star rating after over 10,000 downloads. The app description says that it "Prevents harmful apps from being installed on your device," "scans apps, settings, files, and media in real time," and "protects your personal information." Oh, and it has a low impact on battery life, and has "No, ZERO pesky advertisements!"

2014-04-07 02.03.42 2014-04-07 02.03.50

There's just one problem: it's a complete and total scam. We don't mean in the slightly skeevy way that some anti-virus and general security software overstates dangers and its own necessity. We mean it's literally a fake security app: the only thing that it does is change from an "X" image to a "check" image after a single tap. That's it. That's all there is, there isn't any more.

shield_disabled shield_enabled shield_launcher

Don't believe us? Then check out the code for yourself - we've decompiled the app and mirrored the java code on GitHub, minus a few art assets. We've confirmed that this app is totally and completely devoid of any security benefit, but you don't have to take our word for it - several Google+ users have helped us to confirm its bogus nature. Here's a link to the files (not the app) if you want to check our work.

Let's not mince words here. This is fraud, pure and simple, and the developer "Deviant Solutions" potentially made considerable amounts of money based on a complete lie. We assume that a lot of the initial reviews were fake, but now that it's on the top of the charts, at least a few people will be buying it in the belief that it will protect them.

There is no developer website listed on the Play Store, but a quick search of the developer's email, "[email protected]," reveals very little information. What you can see is a banned account at Sythe.org, where the user "InceptionDeviant" is accused of trying to scam people out of various low-value game items. That's about all we could find.

2014-04-07 02.08.02

Unfortunately the wide-open nature of the Play Store means that unscrupulous people can take advantage of it. We usually just post fake apps to the Android Police social accounts and our readers helpfully flag them, but this is such a brazen and expensive fake that we felt the need to give it some special attention. It's somewhat disheartening that an app so obviously fake could rise to the top, especially considering that it's paid, and possibly hundreds or thousands of people have been defrauded already.

What's the solution? We're sorry to say that we don't have one. Any effective way of deterring outright fraudsters like this would go way beyond the basic filtering that Google is doing at the moment, and it would also make the Play Store less "open," if only marginally so. That being said, it's also clear that something needs to be done. Perhaps a more hands-on approach to monitoring apps that rise as rapidly as Virus Shield (which we're almost certain did so with less than genuine downloads and reviews) is called for.

If you'd like to do something proactive, you can report the Virus Shield via the Play Store app. Go to the listing on your device, tap "flag as inappropriate," then tap "other objection" and write out why this guy is a complete jackass. Alternatively, you can report it on the web.

Update April 6, 2014 11:50pm PT: The app has now been taken down.

image

Update April 10, 2014 10:35am PT: In an interview with The Guardian, the developer claimed Virus Shield was a "foolish mistake" and was supposedly mistakenly uploaded with the antivirus code missing. No explanation was offered for allegedly fake downloads and reviews. We have to question the claim that a company can keep updating an app (from version 1.0 all the way through 2.2) and rack up thousands of paid downloads at $3.99 a pop, all without noticing that its product was in fact doing nothing at all.

Michael Crider
Michael is a native Texan and a former graphic designer. He's been covering technology in general and Android in particular since 2011. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

  • http://www.androidpolice.com/ Artem Russakovskii

    I don't want a walled garden, but I also think something needs to be done here.

    A complete scam shouldn't be able to reach the #1 chart spot without getting vetted in at least some way, after being on the Play Store for over a week.

    • Sean White

      Telling everyone I know to stay away from this app right now. Thanks for the heads up

    • Sean White

      Telling everyone I know to stay away from this app right now. Thanks for the heads up

    • Roh_Mish

      A moderation system for apps to enter top 10?
      Also the reporting app in play store most of time has no response for many days for many days

      • Justin W

        You missed a zero. Anything going in the top 100 should be moderated and vetted to ensure there is no malicious code (or illegal/fraudulent promises such as this).

        • blahmoomoo

          Pretty sure malicious code is already handled for any app that is put on the Play Store. Fraudulent stuff, on the other hand, can't really be automated, and I agree with you on that.

    • Wallace

      What about mandatory screening for any security related app, to ensure this doesn't happen?

      • Roh_Mish

        It was posted in social

        • http://turbofool.com Jarrett Lennon Kaufman

          Too arbitrary. It's not the category of app that's the problem.

      • http://www.androidpolice.com/ Artem Russakovskii

        The problem here isn't inherently related to security apps - the top app could have been a game or an IM client. The nature doesn't matter, as long as the system is gamed, and the app rises to the top.

        • http://www.scottcolbert.com ScottColbert

          A game or IM client would have been far more obvious I'd think.If you guys hadn't torn it down, we wouldn't have known. I agree I don't want a walled garsen, but maybe a picket fence would do.

          • Brian

            Its a slippery slope. I want to agree that sime sort of barrier, or protectio from being scanmed would be 'nice' but i dont want to stop the open feeling good or bad.

          • http://www.scottcolbert.com ScottColbert

            They've already started down that road with the new guidlines on listing apps, and getting rid of porn related apps. I don't see it as much of a stretch for them to have some kind of a gateway to at least make sure apps do what they're advertised to do.

          • m00k

            Correct. An IM client with no UI or a game with nothing to play would be much easier to spot than something like security software, which runs in the background and we generally have blind faith in.

      • pip010

        how about more rigorous approval process for paid apps?

        • Steve Freeman

          So it's OK for apps to be published if they install a trojan or keylogger on your device, so long as the app is free?

          • pip010

            come ON NOW!
            by no means I imply lowering screening for unpaid. "trojan or keylogger" etc, are unacceptable.

            all I'm saying if an app is paid and sells something! to an end user they make sure it is not a MOCK! as this one obviously is!

          • Steve Freeman

            Yes, but you're putting a greater priority over paid apps, simply because they cost you money (up front). That doesn't make any sense.

            IMO, all apps should be checked for malicious code, and to verify the app does what it's described to do. However, as far as quality, stability, content, etc etc, Google should have no control or say over that.

          • robopanda333

            the problem here wasn't malicious code. the problem was what the app did and what it says it does are 2 different things. that isn't something some algorithm can identify. only people can really tell. This is where there is a 15 minute period on payed apps where you can return it for a refund. This however doesn't help at all when the end user can not in any way verify the app's functionality. google cannot possibly install every app on the market to check it. there just isn't a good solution. what did happen is likely the only thing we can hope would happen.

          • didibus

            But 15 minutes is too short, even the most aware user would have needed a bit more than 15 minutes to investigate if this app did or didn't protect anything.

            Also, I hope Google refunded the users. And if it had already dispensed the money to the developer, I hope they at least gave defrauded users a partial refund of the 30% Google made of the sales.

          • pip010

            absolutelly! the 15min is a SCAM!

          • didibus

            But 15 minutes is too short, even the most aware user would have needed a bit more than 15 minutes to investigate if this app did or didn't protect anything.

            Also, I hope Google refunded the users. And if it had already dispensed the money to the developer, I hope they at least gave defrauded users a partial refund of the 30% Google made of the sales.

    • http://www.gundamaustralia.com/ cameron charles

      this says it all, no one wants an apple style helicopter parent but there should at least be flags raised, and very quickly looked at, when an app goes from nowhere to number 1 in less then a week.

      the below suggestion of automatic moderation/examination for every app that breaks into the top 10 (or some other number) seems like a fair way to ensure the safety of consumers without the helicopter parent

      • StefTS

        There's a 6 week payment lag IIRC for shit like this.

      • TomsDisqusted

        Also, apps that require the most important permission should also get a bit more attention from Google: admin, contacts, sms.

      • Double-T

        no one wants an apple style helicopter parent

        Wrong. Me and my iPhone are quite happy with our helicopter parent. This is EXACTLY the primary reason I won't buy an Android device.

        • qu4ttro

          Then why are you here on an android centric website? Just trying to justify your obsolete overpriced toys?

          • Keldroc

            Your point is made without the laughable claim that Apple products are obsolete. Let's not go full console warrior here.

          • You’re An Idiot

            LOL! Did you really just make 3 guest accounts (Double-T, SomeGuy and Keldroc) and think no one would notice. Seriously, why are you here.

          • Double-T

            Wait a minute. I have one account. Double-T. Period.
            Secondly, I came here from a link on techmeme and I'm interested in concerns about android security to support my belief that apple's ecosystem is superior, and this article supports that notion.
            My original post only briefly explained and supported my own reasoning.
            Nothing is completely secure, but I personally feel safer knowing at least someone is paying attention.

          • ThePsych0naut

            "...concerns about android security to support my belief that apple's ecosystem is superior.."

            You feel that way because you don't know how to keep your phone secure, you noobtard."

          • SomeGuy

            Quote ironic that you're the one being defensive.

            He bought a better consumer product, why can't he be interested in the sub-par ones?

        • Radyor

          Just because a lot of people cant get through life with out a warning that states their coffee is hot, doesnt mean that Android is inferior.

        • ThePsych0naut

          Let me be clear. If you have a decent know-how of how Androids or any electronic device works; then you hardly come across a time when you download an app and it turns out to be a scam. My point being, even the least used apps (from niche devs) are safe if you know what you are looking for and where to look. So bitch please, get off your shitty iPhone high horse. We all know iPhone sucks, the common man doesn't know but it doesn't take a genius to figure out why iOS is shitty. Go back to playing Candy Crush.

          • SomeGuy

            You don't need "decent know-how" to operate a modern TV set, a fridge, a cooking stove, a microwave, a toilet, an iPhone. Yet you do with an Android phone, eh?

            News flash, Android is still shit.

    • usaff22

      It has been removed now.

      • Nicholas Ruiz

        Yep I just saw that. Good work, Google

    • usaff22

      It has been removed now.

    • opensource

      NSA HANDS AT PLAY

    • troph

      Android Police, doing some android policing (policying too).
      :) Good job getting this app taken down.

    • Matthew O’Connor

      They just need to use the Youtube system. All videos go up and can get viewed, but after 300+ views the video goes into an automated moderation, where the views are checked to be legit and that the video is nothing bad.

      This could be used for apps, say after 1000 downloads joins a que where a google employ looks over the app and code to sign it off as decent.

      • Rasta

        Thats still 4000 Dollars for the scammer.

        • wynalazca

          They don't get the money immediately. Google collects all of the money and they pay out to developers on the 15th of each month for the previous month's income. If Google suspended the account, they won't be seeing any of that money. I would hope they are going to refund everyone their money too.

    • Steve Freeman

      IMO, apps should be verified by Google before being published on the store. I don't mean for quality or anything like that, just to make sure they aren't malicious or fraudulent. Any other types of apps, hell, if people are dumb enough to pay for them, more power to the developers.

      This kind of situation just puts Android in a bad light.

      • r3verend

        Well. If you verify this app you will come to the conclusion that it doesn't do anything malicious at all. To go further you actually would have to assure that it does what it promises but such a check wouldn't be possible automatically.

    • OmniWrench

      Honestly I'm not sure this even boils down to "walled garden" or not. I don't believe Apple actually verifies that apps in their store do precisely what they say, no more, no less, do they?

      The issue really, is that this app claimed to do something essentially "ethereal". A random user is very unlikely to be actively testing their anti-malware, that's true of any platform. If an app says it takes pictures, and it doesn't, you're going to find out very quickly, and down-vote/report it to oblivion. If an app says it modulates the bluetooth sensors in order to repel tigers, it's going to take some legwork to see if it works or not.

      Any policy Google (or anyone else) could enforce on an app store to prevent this kind of thing would end up being arbitrary, flawed, and likely easy to circumvent.

      The guy downtown on the street corner selling Rolex watches is breaking the law, but every tourist that walks up and and says "oh what the heck, it couldn't hurt, right?" simple gives them another reason to exist.

      Now if you'll excuse me, I've suddenly had an idea for an app......

    • mma173

      They @Google should be really ashamed of themselves.

      • lulsek

        You're the retard that bought the app.

      • r3verend

        Why? What would you do in Googles place to prevent something like that?

        • mma173

          Establish a QA procedure. I would learn from the competitors, adjust it to my needs, and build on top of it.

    • Sxeptomaniac

      I think Google also needs to do a weighted reviewing system, so that an established account that makes more involved reviews gets more weight than empty accounts that just made a few star-only reviews. It won't fix everything, but it would reduce the ability of these types to game the system if one established reviewer could counteract 5-10 of their shill accounts in one review.

    • faceless128

      i think the status quo is great. this scam was exposed in under a week.

    • Dan

      "something needs to be done" and the first part has been done. The people found it, reported it, and the gatekeepers killed it. The second step will be when Google refunds all of the sales. There's no need for any additional measures, no automatic checking, etc. Any app that becomes this popular will be analyzed by the community out of boredom if nothing else, so there's no need to scream for regulation or more draconian measures.

    • didibus

      Honestly, I find the Play Store has a very bad rating system, and search is pretty terrible too. For Google, I always thought that was strange. They need to fasten their algorithms.

      The content in all the Top sections is pretty stale, and uninteresting at most. Ratings are mixed throughout versions, some programs have been updated to now be amazingly better, yet old reviews still aggregates in their total. The reverse happens too, some apps had high scores 3 years ago, and now haven't been updated, yet still rank high because of historical scores.

      The search is also pretty dumb, it feels like an old Altavista search, where the only thing they account for is how many time your keyword show up in the name and description of the app. This is easily abused.

    • didibus

      You'd think Google would care more, but then again, they made a 30% cut from the sales of this scam artist. I wonder if they offered at least a partial 30% refund.

    • ThePsych0naut

      You do know that Google Play store offers 'packages' that let the app developer pay them money and in return he gets 'good reviews', 'stars', and 'likes'. An acquaintance of mine is an Android developer and he showed me a mail from the Play store showing different cash packs enumerating how many comments, stars and likes you can get.

  • http://www.androidpolice.com/ Artem Russakovskii

    I don't want a walled garden, but I also think something needs to be done here.

    A complete scam shouldn't be able to reach the #1 chart spot without getting vetted in at least some way, after being on the Play Store for over a week.

  • Rob Wilson

    Buyer beware.

  • Rob Wilson

    Buyer beware.

  • yodatom10

    you Know the folks at Android Police are upset when there posting at midnight.... reported

    • Justin W

      Agreed, reported as well.

    • http://www.androidpolice.com/ Artem Russakovskii

      Only 9pm here :)

      • andy_o

        But it's GoT day!

        • impulse101

          Winter is coming, I heard in season 9. Its going to be awesome and worth the wait of 9 yesrs for something to happen on this show.

    • grammar police

      they're

  • black

    Regardless of the nature of this app, I'd like to thank your balls for decompiling and posting the source on your website. Thank you balls.

    • http://www.androidpolice.com/ Artem Russakovskii

      Not sure how to take the balls aspect... but thanks?

      • efab

        yeah looks like some people are saying it's illegal to decompile the app and host it on github. hopefully you guys dont get any trouble for doing this.

      • pmdis

        Isn't this violating the DMCA?

        • http://www.androidpolice.com/ Artem Russakovskii

          I'm going to argue that DMCA does not apply in the name of security research, which is what this falls under. Either way, it'd be easily defensible.

          • Rob

            I agree, but even if it is defensible, there are costs to deal with if someone decides to try to sue over it.

            DMCA is way too blunt of an instrument.

          • Koveia

            I support AP for decompiling scam apps, regardless of what people or DMCA said.

            Though honestly I'm a bit surprised, is decompiling apk really that easy ? Don't developer use obfuscation anymore ?

      • black

        Yes.

  • http://google.com/+derekross Derek Ross

    Sweet, thanks for the heads up! Can't wait to install this bad boy! /s

    • http://www.androidpolice.com/ Artem Russakovskii

      I hear it really works. Let us know what viruses it flags.

      • Ashton wilson

        All of a sudden it will say androidpolice.com is a virus.

  • vyktorsouza

    Why did Artem find out about it on his G+ account but instead Michael posted it?

    • SSDROiD

      I can think of a number of reasons, though I have no idea if they are correct.

      #1: Artem's Internet was down, and the data plan was a total bitch and not worth it.
      #2: Artem was tired, sleepy and Michael was wide awake.
      #3: They both discovered it at the same time, and it's a happy coincidence for Michael that he posted it just seconds before Artem.
      #4: They're co-workers, and occasionally write stories for each other, so they split the effort.
      #5: Artem simply didn't have the time to write an article at this moment.

      Have your pick and feel free to add additional ones! :)

      • blahmoomoo

        Considering Artem decompiled the code (based on the Github owner) and stuff, I'd guess #4. Artem discovered and gathered evidence, Michael wrote the article.

      • http://www.androidpolice.com/ Artem Russakovskii

        #4 and #5. I delegate stuff I find all the time. Don't have the time to write everything these days.

        • SSDROiD

          A reply from the man himself! I feel kind of honored, hahaha. (Is that weird? lol) Whether you're writing the article or just delegating it, you're doing a great job either way! Same goes for the rest of your team! ;)

  • Pau1ey

    Reported. Check out all the fake reviews also! They mostly all seem to say the same thing, either best antivirus or it cleaned up their phone. Woah.

  • Jalok Xlem

    Well look at that, 10,000 morons right there. Now how did this fake virus protection app became so popular among the other fake virus protection apps!?

    • challenge_accepted

      Clearly not real people. Most don't have comments just 5 stars, no device either. Definitely paid reviews.

    • http://www.androidpolice.com/ Artem Russakovskii

      I bet the majority of them are paid reviews that refunded. Without them, it wouldn't have gotten to the top of the charts.

  • Brian Utne

    Lmfao, this is great. The people that downloaded this are probably the same ones that say things like,"Androids can get viruses so easily, that's why I use an iPhone."

    • urriss

      What an odd thing to say. Why would those people download an app from Play store when they're using an iPhone?

      • Brandon MacDougall

        LMfao exactly what I was thinking this guy is an idiot.

        • pip010

          like there is not a single person on the planet owning both!

          • impulse101

            Not usually. Ipbone is usually relegated to tech illiterates and weak minded followers.

          • pip010

            WRONG! the only correlation is based on income. people with mid-high income own iPhones and not Androids! (just google it ;))

            app-devs usually have both.

          • Christian Cebrian

            So, those who own iphones are tech illiterates and weak minded followers who happen to be mid-high income, because the low income illiterates can't afford an iPhone.
            On the other hand, Android is 80% of the market, and iPhone is 15% of the market, surely 5 times as much market share means that all social classes might be dominated by android. Specially if you take into account that galaxy s4 (a phone that costs as much as an iphone) outsold apple by itself.

            By the way, the articles you mention about the income disparity are all based in a map of tweets that is coded VERY WRONG, as it puts the red dots in front of the green dots in the map where they overlap, so in very dense areas like NYC in Manhattan it would show iPhone above Android when in reality it might be the other way around, and they don't present any data to go with it.

            But you can tell if you zoom all the way in, there are more androids than it is aparent zoomed out, and since you can see a lot of green behind the red dots, I will venture to say Android even dominates the likes of Manhattan and NYC, if they werent more prominent, then you wouldnt see any green as it would all be behind the red. And that's not the case there.

          • colormedisappointed

            How do you know that galaxy s4 outsold iphone? Samsung doesn't release those numbers.

          • Christian Cebrian

            I don't have specific data on phone vs phone sales, but since Samsung has almost double the marketshare in smartphones than apple does, and their most, then I assumed their top phone was higher than the iPhone. But you can safely assume the galaxy line outsells the iphone line, then.

            Regards!
            Christian

          • pip010

            All I need is to use my own eyes.
            The Netherlands (rich): Predominantly iphones users with exception of occasional android devices (mostly S3 S4) and generally favoured by techies and some general population, which don;t care whatever is on sale by local service providers.
            Bulgaria (poor): Predominantly android devices (mostly mid/low-end) with the occasional screw heads, which cannot afford iphones but try to get desperately to one in order to show off and demosntrate a class!

          • Christian Cebrian

            Thing is you cant use your own eyes in this case. Becaise the information is presented on a very arbitrary way. Red shows over green, and that makes it seemseem like there is no green in dense areas where they have both. And in reality Android might be even higher in those places as well. They need to present charts and hard data. Not a map where anyone can infer anything.

  • Xergio

    Maybe that big "S" stands for "Scam" xD

  • Vito Cassisi

    Yet, still as effective as the legit offerings!

    • SSDROiD

      OH SNAP!

    • MyLeftNut

      This is so true, but here's a serious analogy: Someone sells you "magic pills" that provide "complete" STD protection, but all they'd really do even if they did work is provide only a little more protection than using common sense. I would still be extremely pissed to find out, after the fact, that I've been paying cash money for placebos.

      Besides, one thing I know from helping the kind of people who seek out anti-virus (technical and medicinal) in the first place is that many don't view it as a preventative measure as much as they treat it as a free ticket to be less careful. Working in a hospital for two years has pretty much made me immune to human stupidity.

      • Randroid

        You took the words out of my mouth... "many don't view it as a preventative measure as much as they treat it as a free ticket to be less careful."

        People get an antivirus program, or other security program, on their PC (or in this case phone/tablet) and suddenly they think they are invulnerable on the net. There is no such thing as being invulnerable on the net, even if security programs were updated every second of every day. Everything has it's flaws (even Apple products, as skeptics recently found out) and nobody can be 100% safe, especially without some basic common sense.

  • Ian Monroe

    Thanks for letting us know! I went to the Play Store and voted reviews listing the app as a scam to be helpful
    I wouldn't personally invest in antivirus for Android, but I'm glad that I know that it's bogus now!

  • akshay

    I thought it was fake when I read the description which said "complete virus protection" and the app isn't even an 1MB big. Virus protection isn't this simple. It requires quite a lot of code. Reported

    • http://www.androidpolice.com/ Artem Russakovskii

      Most of the bulk was in the Google support libs. The real code is a few K and there are some images and other assets.

    • http://turbofool.com Jarrett Lennon Kaufman

      One review also pointed out that the app has NO permissions requirements. Kind of hard for AV to function without a decent amount of permissions.

  • bedwa

    I've reported it as well. Makes me barf thinking of someone coding so little and abusing others with it. I would rather have a good idea for an application and not move on it rather than to code something this blatantly corrupt.

  • Rob Earls

    Cue 1000 copy-cat virus apps.

    :-(

  • Rob Earls

    Cue 1000 copy-cat virus apps.

    :-(

  • BobSwinkle

    I've reported it from Australia. For fellow Android Police Aussie readers, report it under "unlawful activities" as this would almost certainly be in breach of section 18 of the Competition and Consumer Act. I suspect "Unlawful Activities" may get through the Google priority list a little bit faster.

  • http://www.bordersweather.co.uk/ Andy J

    Sigh, if they wanted to even pretend it was even vaguely legit, the very least they could do would be to detect the EICAR string :/ 1 regex to detect the international standard and pop up a notification so they could at least pretend it was doing something. This is just downright lazy! For everyone else who even vaguely considers getting any virus checker - on Android or otherwise, ALWAYS test it actually works by using the EICAR test virus - http://www.eicar.org/85-0-Download.html it is not a real virus, just a string of text that any real anti virus software will flag as a virus - usually called the EICAR Test Virus.

  • TSON1

    This guy made like 30k from this? Is there any process where Google would offer refunds or anything?

  • http://www.bordersweather.co.uk/ Andy J

    UPDATE: I can get to it from the direct link - but if I search the Google Play store for "Virus Shield" it doesn't come up in any search results - in the UK.

  • http://www.bordersweather.co.uk/ Andy J

    UPDATE: I can get to it from the direct link - but if I search the Google Play store for "Virus Shield" it doesn't come up in any search results - in the UK.

  • NunjaBusiness

    FlappyAntiVirus?

  • valapsp

    Now AP becomes android POLICE . . .

    • http://www.androidpolice.com/ Artem Russakovskii

      Just now?

  • fef

    OK its a scam but how they managed to get around 30.000 USD in a few days ? How they promoted it? I did not see the app till this.

    • http://turbofool.com Jarrett Lennon Kaufman

      There are easily 1000+ fake reviews for it, each with a fake G+ account with no photo and no history but reviewing this particular app. Likely they all "purchased" it long enough to review it, then refunded it. Sounds like a loophole in how Google tallies these things.

    • vgergo

      And Google made 10.000 USD. The fact they took it off, does it mean the customers are automatically refunded?

  • http://turbofool.com Jarrett Lennon Kaufman

    It has TONS of 5-star reviews from various devices, with no actual text in the review, and none of them has a photograph and all have reviewed ONLY this app. I feel like there's a major exploit being used here to create fake G+ profiles for this purpose that Google's going to need to figure out. This concerns me greatly.

    • Paul

      That reminds me somehow of an EA game with IAP's. I think (not sure anymore) it was Dungeon Keeper. Once it was widely released (after "soak tests") a lot of those similar reviews showed up. No picture, no text, just star ratings.
      Does that mean companies like Electronic (F)arts are also playing the system?

      • http://turbofool.com Jarrett Lennon Kaufman

        Wow. Yeah, I would imagine so.

      • http://turbofool.com Jarrett Lennon Kaufman

        Wow. Yeah, I would imagine so.

      • hocestquisumus

        Nah, not them. Their PR agencies. In the name of plausible deniability, EA and so on "don't 'know" and the agencies will get a right scolding when found out.

    • Sxeptomaniac

      I suspect Google needs to work out an algorithm to weight reviews based on the history of the reviewer, among other things.

      • http://turbofool.com Jarrett Lennon Kaufman

        Agreed. Something to verify they have any history at all beyond that review. Google+ posts, +1s on other things, actual text in the review, etc.

  • valapsp

    isn't it a little fishy that 90% percent of the reviewers don't have a profile pic? It seems there is still a way to alter play store reviews. remember we had a similar case some time ago?

    • http://turbofool.com Jarrett Lennon Kaufman

      Not just no photo, but no history beyond reviewing only this app. Suggests to me someone's got a sweet way of creating massive numbers of G+ accounts and then using them to purchase, review, and then likely refund the app.

      • Strongfox

        You could easily go on some hacking forum and find a bunch of posted google+ accounts and there passwords or hack a database of some website and get a bunch of emails and passwords and see if they have a google+ account linked to there email and then use those accounts that where probably never made in the first place for the google play store and write bogus reviews. Hackers so it all the time for YouTube comments and for eBay reviews and such.

    • Prezes Dyrektor

      wow nice new fresh interface and so good app great dev support

    • pip010

      it seems not hard for all-mighty Google to catch those :)

  • Mkvarner

    I think its gone (Norway).

  • Vardan Nazaretyan

    So, instead of closing accounts of awesome developers such as Jeppe Foldager, they should close accounts of people like this.

  • Nathan J

    Surely AP has the clout to reach out to Google about this? Although I'm much more concerned about the situation involving Jeppe Foldager. I don't use his skins/icons, but I've read his story on Google+. On the surface it looks like his developer account was shut down for SEO (using KitKat in the names of his skins/icons) or something to that effect, but in any case, this developer that people love and respect is now out all of a sudden with no explanation or appeal. We say Google Play is so much better than the iTunes App Store, but when Google pulls crap like this, sacking a good developer, and then allowing blatant scams like this in... it makes me wonder. Then I remember three words: "I Am Rich." Apple's App Store is no better. So apparently scams are allowed. And they shouldn't be.

    • RarestName

      Poor comparison.

  • http://404err0r.com/ Henry Park

    the app is down
    though it shows on the ranks. if you click on it, it gives you an error

    lol AP you guys are scary remind me not you piss you guys off....

    • Fatal1ty_93_RUS

      Android Police 101: never fuck wth AP team

    • Fatal1ty_93_RUS

      Android Police 101: never fuck wth AP team

  • buhahah

    Well, what can you expect from a developer called Deviant Solutions, apart from a solution that is, well, DEVIANT!

  • Rajan Verma

    Reported. Can I download this app, rate it 1 star and refund this scam app?

  • hocestquisumus

    Raises an interesting question... did Google know? I mean, it's fraud, of course. But then it obviously doesn't do (direct) harm either I don't exactly know the TOS for the Play Store but due to its open nature it could very well be like 'does't make smartphones explode, go right in'. After all Google and Apple profit from every download from their respective stores.

    Sure, this doesn't do anything. But there are a zillion games and useless apps in both stores that do nothing but annoy the user into spending money on some crap they don't need. Buying a virtual hammer on a useless game that's been created in an afternoon (includes planning) with the sole purpose of generating IAPs is just as much of a scam IMHO.

    This one won't give you security.
    500.000 stupid games won't give you any entertainment.
    800.000 useless apps will just send your data to North Korean servers.

    • impulse101

      Really?

  • darkich

    Taking advantage of people stupid and I'll informed enough to pay 4 bucks for something like this?
    And then even gladly give it top ratings ?

    Somehow I find it hard to blame the dev

    • todd

      "people stupid and I'll informed"

      • Joshua Wright

        Quite clearly an auto-correct...

        • todd

          when calling people stupid, be sue to correct typos before posting.

        • todd

          when calling people stupid, be sue to correct typos before posting.

      • darkich

        Fixed.Thanks :p

  • BobSwinkle

    Seems to have been killed now. I can't get access to it via any links or find it in Google Play. Good work Android Police, hopefully the people suckered in get automatic refunds.

  • Dave

    I think people that look into antivirus programs at all deserve this...

  • @SmaugDragon

    "I don't want a walled garden but..."

    Problem solved, the community has solved this problem, sorry for the fact that some got scammed but it fixed itself (thanks to you), now google has a responsibility to re-reimburse those that spent money on a fake app, or alternatively users should dispute their credit card charges and let google suffer!

    • MyLeftNut

      Yeah, Google ain't refunding shit. I've been having problems with All Access (literally half of the albums in my library return a playback error and are unplayable) and Google literally just told me, 'whelp, it's working for us," and just pretended it wasn't a problem some people are having. That's an app they developed and that I pay for monthly.

      It's good that community outrage can help out shady devs but that's probably as far as this brand of justice extends...

  • Mohamed AlRefai

    if users are allowed a 48 hour refund it will end the point of the scam which is money

  • Ryan M

    Out of curiosity, what software did you use to decompile this?

    • http://www.ninetwozero.com Karl Lindmark

      I'm guessing dex2jar as well as jd(-gui?). :-)

    • http://www.ninetwozero.com Karl Lindmark

      I'm guessing dex2jar as well as jd(-gui?). :-)

  • Ryan M

    Out of curiosity, what software did you use to decompile this?

  • Duncan

    Stupid peolple deserve this

    • epic3

      On the other hand, users that fell victim to this scam should look at moving to Apple's iOS platform or Windows mobile. It is absolutely egregious that Google allows so many scams like this to exist on the Play Store. The sad thing is that the people who fell victim to this scam actually paid for the software which is necessary for the Android platform to grow. Despite the large number of users using Android not many developers are making money. This does not speak well for the future of the platform.

      Please fix this Google. Have a section verified by Google, then let users run into the wild if they would like. At least this way you could offer an experience similar to the security of Apple's App store.

  • proberts

    Actually the dev would've made no money. Developers get paid on the 15th of every month. No doubt Google have restricted payments from the merchant account. If the dev got their timing right yes they would've got the money.

  • Sir Perro

    I wish all the scams in the world were so innocent as this one. This is "an scandal" and google should "do something", yet we let Jeovah whitnesses, scienciology and millions of uninimaginable forms of horseshit to ring our doorbells without Google and Apple filtering them from the face of earth.

    Smart guy earned tenths of thousands of dollars from dumbass people? Not nice, sure. Next step? Google should remove this app, refound the users and sue the creator. Not a big issue if you put it in perspective. Trivial problem, trivial fix.

    Keep Google Play as it is. We've got enough censorship already, and MUCH bigger problems, scams and idiots too.

  • David Margolin

    meh... at least they're holo

  • mystrdat

    This isn't so bad when you realize we allow sales of homeopathic medicine just fine.

  • JazzEspresso

    I wonder how many of my paid apps like this, believing they are doing something useful while on the background do nothing!??

  • JazzEspresso

    I wonder how many of my paid apps like this, believing they are doing something useful while on the background do nothing!??

  • StankyChikin

    Now lets hope that this wasn't closed and you don't get sued for posting the code ;)

  • Daeshaun Griffiths

    Seriously, this is why i love AP. Not only do you live up to your name but the investigations never stop. Don't get sued.

  • Adam Lapinski

    I think Google Play should have a user based security/quality system, if let's say over 50% of people report that an app is: fake, non functional, scam (like in this case), or a clone of another app. This could be done by scanning the user comments I believe, then Google should look at the app, and take it down if necessary.

  • Jason Woodrow

    Thanks Android Police. I didn't get scammed, but it's nice to know that someone is watching out for us.

  • nod

    This shit is funny. The website mentioned is sythe.org not .com . Its a virtual black market where people exchange virtual currency. He went from scamming kids over petty amounts of runescape gold to this. And people wentfor it!! Brb making app

  • cisco-ip-phone

    That's awful but I can't help laughing at the same time. I knew Jesse at Sythe (iirc he was not Vibe, he was InceptionDeviant) and spoke to him a few times on msn years ago. Weird to see where old msn friends end up. (We weren't really friends, and actually, now that I think about it he may have scammed me. Might be someone else though)

  • tanjiajun34

    App taken down but still I don't think that is enough for them. They just scam more than 10,000 people. That is like 27930USD earning (Assuming only 10,000 people bought it which should be way lower than the actual). I think Google should just refund all the customers and a lawsuit against them.

  • Mista_Mr

    It's crap like this that doesn't help the playstore reputation for providing app that are frauds.

  • Simon Belmont

    Well done, AP. Good sleuthing.

    Funny, if I saw the app was less than a 1MB in size, I'd probably question its ability to prevent malware on my device. The best prevention is common sense, anyway.

  • bolski

    Sure hope everyone gets there money back. Then, Google needs to go after the dev with everything.

  • Wolfdog

    Reported a few inaccuracies regarding the email and who it belonged to on Sythe.org - the author was very quick to respond and edit! Great report, thanks!

  • Albie Frates

    I absolutely agree that a sensible time lag between payment and actual withdrawal of funds is in order here. It seems to me that confident and honest developers would be willing to wait, say 5 business days, for actual payment. It would also (possibly) simplify the current arrangements for refunds on Google Play. Additionally, I find it hard to comprehend how any developer (especially those charging money for apps) can load up, ride out of town with thousands of fraudulent dollars, leave no trail and simply disappear into the ether.

    • Joseph Newman

      And at the same time, it would allow for easier lengthening of the "trial time" from 15 minutes (not really enough time to get a sense of whether or not you need a refund, IMHO) to the few days that it takes the funds to be processed.

      • Albie Frates

        Right. Some things in the ever faster Internet need to be purposely slowed down. Particularly when it comes down to buying an app on Play. After all, what's the rush to put a friggin' app on your device?

        • Joseph Newman

          Well, putting an app on your device is fine but making the time limit on refunds so low is stupid. I have yet to see an app that I can try out in that amount of time and form an opinion as to whether or not I want it long term. It takes a few days of playing around with it to see if it's worth my money. That's why the only apps I've bought had a free version I tried out first.

  • S. Hahnemann

    Homeopathy for the phone. You should not question its effectiveness! Either you believe in it or you don't! It clearly works for me! Haven't caught any infections with this app installed so far!

    • decathelite

      +1 for username.

  • qriusme

    Thanks for calling this out! Appreciate y'all at AP!

  • truthSaying_Magician

    Easy fix. Make it so all paid apps must be free for an arbitrary amount of time. For games, 1 day. For a tool like this, 5 days. It's a start.

    • truthSaying_Magician

      Could even make it so games are free for 10 minutes, 20 minutes, just to get a taste. Then, an alert will be sent out to force you to purchase or your trial expires.

    • Brian Hartman

      I'm not sure that would've done anything, in this case. Would the user have any way of knowing this app didn't do what it said it did?

      • truthSaying_Magician

        It would be enough time for there to be some discussion on it, like here in this article and forum. Not just posted here, but linked on quite a few high traffic sites. It took them less than a week to get the word out that it was a scam. Once it is out, it spreads, people become aware and decide against making a purchase.

        • Brian Hartman

          Okay. Good point. :)

  • Leonardo Baez

    next step is trying to make google do something about fake reviews and stars

  • adamhs

    Again this has been said ad naseum: the best anti-virus is common sense.

  • firesoul453

    Dang. Reminds me of insurance lol.

  • Fanarl

    This is where IOS store shines!

  • http://www.newportessentials.com/ paco cornholio

    OK here are some ideas. The goal is to allow new apps quickly and cheaply while still protecting users.

    First: Set up independent, vetted review services that app developers can pay for, plus tools to allow other independent review by anyone else. All reviewers get rated by each other, to prevent gaming of the system. Any reviewer that drops below 90% positive (invent the criteria) is no longer qualified to comment through Play store.

    Then: All apps, including updates, until they are reviewed, are accompanied by an "under review" icon that shows on the Play page and in the permissions list in the Android update process. "Under review" has the same function as a new permission - it blocks auto update until the user gives specific permission.

    By the way, Google should clean up its app permissions system - easy click-through to plain language descriptions of what an app may do with each permission. It's so confusing that I am now regularly uninstalling banking and other apps because I don't understand what they're asking me for.

  • saf1927

    This is why the Play Store needs someone actually checking any submitted app, even if it means it takes 3 days before actually publishing it. A bot can check whether the code is malicious, but it will never find out an app that doesn't do what the description says it does. If not on every single app submitted to the store, at least the one that are supposed to be paid.

  • Matthew Fry

    They did say they were a deviant right there in their name.

    • Dio_Genes

      Good point, Matthew- At least that was one thing the developer was honest about! Acc to Merriam-Webster, deviant= "different from what is considered to be normal or morally correct."

  • colormedisappointed

    I keep overestimating the intelligence of my fellow droid users. Time to upload Virus Shield Ultimate and up the price a buck.

  • RockAndRock

    Good Job AP !

  • Adam

    Good job.

  • Vasilis K.

    Man, you're fantastic! GREAT article!

  • narg

    This article acts as if this kind of thing is new. It's not. Android is the modern day "Windows '95" with all it's bugs and bad intentions. Stay away. Star far far away.

    • tim242

      Modern day Windows 95? Show me a case of an Android phone ever infected with a virus. That's what I thought.

  • stefanek

    a) Is decompilation legal? "we've decompiled the app"

    b) What is the secret sauce for thousands of fake reviews?

  • Steve Sy

    This is really funny.

  • epic3

    Sadly, this doesn't come as a surprise. Too many apps on the Play store are nothing more than viruses, malware or fraudware. Something need to be done about this before smartphones become the focal point of making transactions. Not doing so puts the platform at risk of losing consumer confidence all together.

    • Dio_Genes

      Very well stated, epic3!

  • Dio_Genes

    To Michael Crider: Great job! Thank you for alerting us to this false-security rip-off. I really wish that there was a website exclusively devoted to outing the app scammers out there.

  • BillHK

    Shouldn't they arrest the kid?

  • asdf

    Wow, couldn't disagree more with some of you saying wait until an app hits the top 10. He's already ripped off millions by then! Glad I'm not an Android user is about all I can say.

  • http://www.tablazines.com Tablazines

    I purchased my first Android phone this week because I wanted a 5" inch screen and this was the first app that I purchased. Welcome to Android. lol

  • F Young

    This is not just a bad app. This is literally a case of fraud, which is literally a crime.

    Google needs to lay charges with the police so this criminal is put behind bars.

    • jannaM

      Literally?

      • F Young

        Yes, literally, as opposed to hyperbolically or colloquially

  • Salient Eye
  • Salient Eye
  • sgtguthrie

    I just saw this story on Fox News, and they credited Android Police :-)

  • http://sylwester.no/ Sylwester

    Some how this makes me think about xkcd comic about a tornado warning app: https://xkcd.com/937/

  • Lukas

    In Germany, you could just force the seller to pay back the money you paid :-P

    • pillybilly

      MUST be google to refund every scammed user.

  • Cowicide

    I think the only solution is developers are going to need to provide phone numbers and get verified by phone along with an address (not a P.O. Box) that gets send a verification letter that must be returned and also have their same name that's tied to a major credit card (not the kind you buy at the grocery store). Otherwise, developers will have to stay out of the Play Store and just offer their apps via their own websites.

  • woofa

    This is why when you buy something you should have SOME familiarity with it. Does the app have a known history, a reputation? Especially in this case, after all it is a SECURITY application. Is there a company web site with contact info? This not only exposes the fraud involved here it shows how uninformed people will just leap on something because it's not expensive and is supposed to provide them with security. This didn't even provide a free version, you have to pay for it from the get go. Just for giggle since I thought it was the case and I looked, every other app under the security search provided a FREE app, many with an in app purchase. Nope, this one was $4 right up front, no free. Did this make people think it was somehow a better security app?

    The truth is I've been waiting for this day to come given the open nature of the Play Store and sure enough someone exploited it. Google is just relying on the "community" to expose this sort of thing and do a job they should be doing up front. Good job AP. At least it was only about a week it was in the wild. Don't know how Google pays devs but doubtful the dev has actually seen any of the money in such a short time I'd think. Time to pony up the refunds Play Store.

  • pillybilly

    Thanks to crappy people like this, other honest developers can't pay the rent...

  • Brandon

    This story, along with the article I read which linked me here, is why I stick with Apple:

    http://appleinsider.com/articles/14/04/07/apples-ios-7-reaches-87-adoption-still-growing-faster-than-android-44-kitkat

    To start off, I'm not some random Apple fanboy. I believe Android's a great platform to build on, and to use, and two of my close family members both have Sony Xperia phones. They're beautiful and powerful. I've considered buying one a couple times, but these security holes keep me from doing so.
    Fact is, I really don't want to deal with these scam apps, and late os updates, when I have other important things in my life that I want to focus on, and when I need an app to accomplish a certain task in the current moment. Often enough, my mobile phone is integral to my day to day life, and it needs to be there when I need it. If you guys want to stick with Android, you will have to deal with shit like this. You're gonna have to look on forums, its gonna be complicated. Apple does all of this work for me before I buy it. Google is open. Apple is closed. It's simple, apples (lol) and oranges.

    TLDR: Don't like the open nature of Google? Go with Apple....
    Don't like the inflexibility of Apple? Google.
    It's gonna either be one way or another,
    and that's exactly what this article is teaching us.

  • technohead95

    Why doesn't Google carry out certification for apps? Once certified, the app would get a Google Certified badge and thus give consumer confidence. Apps that are still pending certification will still be available in the Play Store but wouldn't be badged.

  • Ryan Elliott

    If you don't know what code you have on your app, you shouldn't be a developer. Simple as that.

  • kamisori

    what a great way to make money... technology used by people who dont understand it one bit + a threat. wait that sounds like exactly what is done with regular virus scanners, except this guy here took the shortcut and only pretends to pretend to keep you safe. GENIUS! where can i flattr him?

  • Maxr1998

    #OT: How did you decompile the app so complete? I don' get this result with apktool..
    Would be thankful if you could give me a hint. Want to use it for coding Xposed. #ENDOT

    I just don't get why people buy sth like this, when there's nothung to configure, you don't get any error messages or warnings, and why nobody cares about privacy when there is (although wrong) listed "scans your apps"

  • eman alshazly
  • Mona Ali
Quantcast