Dubious counterfeit app ‘Updates for Samsung’ has been installed ten million times

Spread the love

A dubious app that tries to cheat users of money by promising fast firmware downloads has been installed more than ten million times on Android. The app calls itself Updates for Samsung.

Although the Android app ‘Updates for Samsung – Versions of Android Update’ is in the Google Play Store, it has questionable ways of defrauding users, the CSIS Security Group writes on Medium. The app showcases news and tutorials from the Updato blog and includes many advertising frameworks. For a fee, users can remove the ads. If you search for terms such as ‘Samsung upgrade’ or ‘Samsung update’ in the Play Store, the app will already be at the top of the search results.

In addition to paying for an ad-free app, users can purchase a $35 annual subscription to download Samsung firmware upgrades. It looks like it’s actually Samsung’s firmware, but it’s not clear if users actually get the correct OS for their particular phone when they download it. The app does check if the app is running on a Samsung phone. On other models, the user will be shown that the phone is not supported.

It is striking that the checkout is not done via the Google Play api for subscriptions, but via directly entering credit card details in the app. That way, the app does not have to pay thirty percent to Google. The credit card details are sent to Updato via an api endpoint with https.

There is also a way to download the firmware for free, but the maximum download speed is 56KB/s, which means that downloading a 700MB ROM file takes at least four hours. The researchers also note that in many cases the downloads are terminated prematurely after a timeout. This seems to be primarily intended to wear down premium subscriptions for fast downloads. Finally, the app has a SIM card unlocking service with a starting price of $20. Users must create an account to download the upgrades.

The app does not appear to be malicious in the sense that it contains malware or attempts to steal data, CSIS Security researchers say. The large number of more than ten million installations seems to be mainly due to the use of the Samsung name, and the app offers little or no added value while users are tempted to pay hefty amounts. The app has both many good and many bad reviews. Users indicate that the app has a lot of advertising and is not really useful.

The app also requests access permission for the user’s location data and photos, but does not clarify what that is for. The makers do admit in the Play Store at the bottom of their description that the app is not affiliated with Google, Android, or Samsung.

You might also like
Exit mobile version