backtop


Print 40 comment(s) - last by KoolAidMan1.. on Apr 14 at 6:05 AM

App hit #1, Google never suspected a 869 KB "antivirus" app by the maker of "Yolo Bilbo Swaggins" might be fake

Ouch; Google Inc.'s (GOOG) Android suffered another image setback in the app credibility department this week, after one of its top apps was removed following a damning report by Michael Crider over at Android Police.

I. Virus Shield: "Very Low Impact on Battery Life" (Because it Does NOTHING)

Released at the end of March, "Virus Shield" promised to deal with one of Android users' greatest concerns -- security.  It was approved by Google for sale on the Play app store.  Perhaps it was the slick logo, or perhaps it was the bold promises...
  • Prevents harmful apps from being installed on your device.
  • Scans apps, settings, files, and media in real time
  • Protects your personal information
  • Strong antivirus signature detection
  • Very low impact on battery life
  • Runs in the background
  • No, ZERO pesky advertisments
Virus Shield

...that left users were smitten with the new app, downloading it by the droves.  Despite the cost, it quickly logged 10,000+ downloads in its first week, good enough for #1 on AppBrain's paid app charts.

Virus Shield

Users were overjoyed at the simplicity of Virus Shield, giving it -- on average -- a 4.6 star rating .  You just fired up the app and clicked the shield and an X icon changed to a check.  And voilà, you were protected... right?

Virus Shield

Well, not exactly.  Android Police's writer downloaded the app and decompiled it, which is pretty easy to do in Android with standard developer tools.  What he found was that the app did have some of the features promised -- but basically just the ones that had nothing to do with security.

It's true it had no ads, and it likely used next to no battery life.

The issue was that it used next to no battery life because it was quite-literally doing nothing.  The app appeared to have no real security features whatsoever, just feel-good 100-percent digital snakeoil.

II. Conned by a Kid?

Mr. Crider did not take this fabrication lightly.  He wrote regarding the app's developer "Deviant Solutions":

This is fraud, pure and simple, and the developer "Deviant Solutions" potentially made considerable amounts of money based on a complete lie. We assume that a lot of the initial reviews were fake, but now that it's on the top of the charts, at least a few people will be buying it in the belief that it will protect them.

A post on Scythe -- an online gaming store suggests that a user with the same email as the Virus Shield developer ("Jesse_Carter@live.com") was trying to scam users out of virtual goods back in 2011 under the name InceptionDeception.

Mr. Crider writes:

There is no developer website listed on the Play Store, but a quick search of the developer's email, "Jesse_Carter@live.com," reveals very little information. What you can see is a banned account at Sythe.org, where the user "InceptionDeviant" is accused of trying to scam people out of various low-value game items. That's about all we could find.

We believe we've found a bit more.  

A search with the original email turns up an account on Powerbot (a Runescape hacking site) from a male claiming to be 22.  But further investigation indicates the master scammer was really just a 17-year old kid currently living somewhere in the Fort Worth area (these facts can be gleaned via his responses in the comments, as seen below).

Jesse Bristol

Here's his YouTube account that he used to post Runescape hacking videos to.  In fact it appears that Jesse Carter was actually one of the most famous scammer/spammer in the Runescape (RS) scene, going by the name "Deviant".  He's perhaps most famous for his "WoodCutter" script, which many players used to cheat their way to cash.

Jesse Carter
Jesse Carter, from a video posted on YouTube

Now at the ripe age of 17 it appears that he's upgraded to fraud on Android, quite possibly making nearly $50K USD in the process (if AppBrain's estimates of 10k+ downloads are accurate).  Unless, that is if another hacker stole his identity and the scammer has become the scammed -- also a real possibility.

III. Blame Goes to the Faker, to Google, and to Clueless Users Alike

Whoever the faker is the, the fact that over $50,000 USD were lost to a fraud artist is a pretty big concern for Android and raises some natural questions.

First, Android users are clearly aware of security risks, so why did they foolishly pay hard-earned cash for a supposed security firm that has virtually no web presence.  The answer, in some cases may be that they confused Deviant Solutions (with an 's') with The Deviant Solution Group (DSG).  The two appear to be entirely unrelated.

One key difference between the two is that the The DSG and Deviant Solutions is that the former is solely a third-party development hired hand.  While its portfolio includes impressive products such as Pocket Attorney, it registers these products under its clients' name on the Play Store.  By contrast Deviant Solutions developed under its own name.  Another key different that's now clear is that while The DSG provided apps that actually do something useful, where as Deviant Solutions specialized in apps that had no meaningful actions.

Android app collection
Lack of screening and scrutiny is putting Google's reputation at risk.
[Image Source: Google Reader]

Regardless, even if people stumbled across the Deviant Solution Group and mistook it for Deviant Solutions, you'd still think they'd be a bit wary of ponying up $4 USD for a security service with no dedicated website.

The report also raises question on Google's end.  Apple, Inc. (AAPL) has drawn criticism at times for watching the iTunes App Store like a hawk and policing top ranked apps for signs of controversy and fraud.  At times it goes too far, certainly, but it does do a pretty good job making sure its users are stricken with such obvious fraud attempts.

While Google's pre-screening has gotten much better and relatively little malware slips through into Play Store, Google is perhaps too laissez-faire about not weeding out fakes from the ranks of its top apps.

If nothing else, the 859 KB size of the app package (talk about a lean antivirus program!), the fact that it asked for no network provisions, and its wild claims should have raised an eyebrow or two at Google.  Or perhaps Mr. Carter's previous apps...
  • Yolo Bilbo Swaggins
  • Secret SEO
...should have raised an eyebrow or two.  Instead Google appeared oblivious until Mr. Crider's excellent expose, at which point the ban hammer finally dropped.

Uber SEO

"Uber SEO", aka "Yolo Bilbo Swaggins" measures in at around 700 KB, so if we had to wager a guess, it's probably safe to say that it's not doing a lot of SEO for you.  Then again trusting an app called Yolo Swaggins to improve your web traffic would be kind of like trusting a security app with no public website... oh wait.

Sources: Android Police, Virus Shield on Google Play [cached]



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: How did Android get so bad?
By Rukkian on 4/8/2014 3:41:08 PM , Rating: 2
But this is Tony, I did not think he had it in him, which is why I am thinking somebody hijacked his account.


RE: How did Android get so bad?
By Mitch101 on 4/8/2014 5:30:28 PM , Rating: 2
Whats the term even a broken clock is right twice a day?


RE: How did Android get so bad?
By Nutzo on 4/9/2014 1:06:59 PM , Rating: 2
That only applies to the old, outdated analog clocks. A broken digital clock is usually wrong all the time.


"This is about the Internet.  Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can't deal with the Internet, they should shut it off." -- RIM co-CEO Michael Lazaridis














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki