Virus Shield: Totally fake security app becomes #1 paid app in Google Play

Virus ShielfWell that was pretty embarrassing. Google has been left with egg on its face yet again after it was forced to remove one of its top security apps, following a damning report in Android Police that revealed it to be totally fake.

Most readers will be aware of Android’s reputation as a bit of a haven for malware, so it’s not surprising that people may want to download anti-virus apps to protect their phones. The only problem is, it turns out that nobody is watching the watchers, and yesterday’s No.1 paid app in Google Play has turned out to be a total scam.

Virus Shield, which is no longer available on the Play Store, launched about one week ago, for $3.99 and was the top paid app. In the description, the app claimed to be preventing harmful apps from being installed; scanning apps, settings, files and media, and protecting your personal information. Add to that no advertisements, no permissions, and low impact on battery life, and you have thousands of users paying and downloading Virus Shield.

Here’s the full list of promises made by Virus Shield:

  • Prevents harmful apps from being installed on your device.
  • Scans apps, settings, files, and media in real time
  • Protects your personal information
  • Strong antivirus signature detection
  • Very low impact on battery life
  • Runs in the background
  • No, ZERO pesky advertisements

Those are some pretty enticing claims, so it’s not surprising that thousands of users flocked to the app in their droves. Despite costing $3.99, the app quickly surpassed the 10,000 downloads mark, good enough to secure top spot on AppBrain’s paid app charts.

The reviews were impressive too, with Virus Shield notching a commendable 4.6 star rating. After all, all you had to do was download it, click the shield and voila – your phone was fully protected.

2

Except of course, it wasn’t at all. As Android Police’s Michael Crider discovered when he downloaded and decompiled the app – a simple enough task when using developer’s tools – the app actually does nothing at all.

Okay, so it’s not a total lie – there’s definitely no ads, and it almost certainly did have a very low impact on the battery life, but that’s because it had zero security features at all. Nothing, zilch, diddly squat – Virus Shield did nothing whatsoever to protect your phone, just sat there looking pretty.

Android Police wasn’t at all impressed:

“This is fraud, pure and simple, and the developer “Deviant Solutions” potentially made considerable amounts of money based on a complete lie. We assume that a lot of the initial reviews were fake, but now that it’s on the top of the charts, at least a few people will be buying it in the belief that it will protect them.”

Whoever created Virus Shield apparently has a bit of history too – Android Police later discovered a post on the online gaming store Scyth, which shows that a user with the same email address as Virus Shield’s developer was caught trying to cheat users out of virtual goods under the pseudonym InceptionDeception.

Android Police continues:

“There is no developer website listed on the Play Store, but a quick search of the developer’s email, “Jesse_Carter@live.com,” reveals very little information. What you can see is a banned account at Sythe.org, where the user “InceptionDeviant” is accused of trying to scam people out of various low-value game items. That’s about all we could find.”

Whoever built Virus Shield is almost certainly guilty of fraud (even if it’s somewhat amusing), but this news once again highlights the major problem with mobile app stores – too many dodgy apps keep slipping through the net. Android is undoubtedly the worst mobile OS as far as fake and malware-carrying apps go, but that doesn’t mean Apple’s iPhone is exempt from this problem. Back in March, the developers of the Tor browser stumbled across a fake version of their software in the iTunes store that was loaded with spyware and adware. Apparently that app was available to download for several months before Apple removed it.

1

Those worried about fake antivirus software may do well to recall the skepticism of Chris DiBona, Google’s Director of Open Source, who warned back in 2011 that such software isn’t really needed on Android anyway:

“No major cell phone has a ‘virus’ problem in the traditional sense that windows and some mac machines have seen. There have been some little things, but they haven’t gotten very far due to the user sandboxing models and the nature of the underlying kernels.

No Linux desktop has a real virus problem.

Yes, virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and IOS. They are charlatans and scammers. IF you work for a company selling virus protection for android, rim or IOS you should be ashamed of yourself.

If you read a report from a vendor that trys [sic] to sell you something based on protecting android, rim or ios [sic] from viruses they are also likely as not to be scammers and charlatans.”

Whoever ‘built’ Virus Shield was playing on people’s fears, but to be fair its hardly the first time this has happened. Apps misrepresent themselves all the time, and the solution to this problem isn’t anti-virus software at all. What’s needed is stricter checks by companies like Google and Apple themselves, but considering that Google fell for this blatantly obvious scam, that’s probably just a pipe dream.

Hard luck if you were one of those who got scammed!

About Mike Wheatley

Mike loves to talk about Big Data, the Internet of Things, Hacktivists and hacking, but he also hates Google and can never resist having a quick dig at them should the opportunity arise :) Got a REAL news story or tip? Email Mike@SiliconANGLE.com.