- A fake Samsung update app has tricked 10 million users, and it’s still available on the Play Store.
- The app pushes its users to pay an absurd subscription fee for software that is otherwise free.
- Users also get numerous ads, device freezes, and even boot locks.

Malware analyst Aleksejs Kuprins has posted a piece on Medium warning Android users about an app titled “Updates for Samsung”, which is nothing more than a scam tool created to trick Samsung phone owners into paying the developer. The app has already been downloaded by 10 million people, and at the time of writing it remains available on the Play Store. The researcher has sent a message to Google, calling on them to consider removing the app from Android’s official store, but so far nothing has happened.
The app is not “classic” malware, which is probably why Google isn’t removing it from its app store, but the fact that it is fraudulent should be enough to warrant its removal nonetheless. More specifically, the app promises to automate the Samsung software updating process, bundling all the necessary patches and updates into a single package and keeping the firmware and OS at the latest available version. What happens instead is that the app connects to an ad-infested website that offers Samsung firmware updates for the price of $34.99. These firmware updates are taken from Samsung, which makes them freely available, so the price tag is the first warning sign.
Those who pick the “Free” download option get download speeds equivalent to a PSTN modem connection, almost always leading to a timeout. This is obviously done on purpose so that people get frustrated and pay for the “Premium” subscription. This annual subscription promises a year of coverage for your device, with timely delivery of any available firmware updates. The payment does not go through the Google Play subscriptions API as it should; instead, the app asks for credit card details and sends them to its own server over HTTPS.
As obvious as this trickery would be to many, the 10 million users who downloaded this app cannot really be accused of being careless. This is Samsung’s fault for not offering its customers a unified update tool that would clear up the confusion, and it is also their responsibility for not requesting that Google remove the fraudulent app from the Play Store. Right now, the user reviews on the Play Store indicate that “Updates for Samsung” serves up to 70 ads at once, causes phones to lock and freeze, and even prevents booting up in some cases. All that said, you should stay away from it.