A fake version of the Android WhatsApp app was downloaded a million times from the Google Play Store before users discovered the fraud, and Google removed it.
Google appears not to have done enough to prevent scammers from using well-known apps, such as WhatsApp, from simply copying familiar app names, icons, and developer names and distributing them to unsuspecting Play Store customers.
One of several fake WhatsApp apps was downloaded between one million and five million times before it was flagged by users on Reddit. The app, which was called 'Update WhatsApp', looked identical to the real WhatsApp.
To dupe Android users, those behind the fake app differentiated its developer ID from WhatsApp's ID by adding Unicode encoding for a type of space, known as a 'no-break space', at the end of the name.
So, the real WhatsApp developer ID URL looks like this:
The Play Store is widely recommended as the safest place from which to install Android but Google has had trouble keeping it free of malware. The latest trend among developers is to hide cryptocurrency miners in apps, which use a device's CPU without asking the user permission.
Android users are advised to check apps carefully before installing them, including reading user reviews. However, in this case the bogus WhatsApp app had a four-star rating and over 6,000 reviews.