Texas 17-Year Old Scams Thousands of Android Users With Fake AV App
April 7, 2014 3:16 PM
comment(s) - last by
App hit #1, Google never suspected a 869 KB "antivirus" app by the maker of "Yolo Bilbo Swaggins" might be fake
Ouch; Google Inc.'s (
) Android suffered
another image setback
the app credibility department
this week, after one of its top apps was removed following
a damning report
by Michael Crider over at
I. Virus Shield: "Very Low Impact on Battery Life" (Because it Does NOTHING)
Released at the end of March, "
" promised to deal with one of Android users' greatest concerns -- security. It was approved by Google for sale on the Play app store. Perhaps it was the slick logo, or perhaps it was the bold promises...
Prevents harmful apps from being installed on your device.
Scans apps, settings, files, and media in real time
Protects your personal information
Strong antivirus signature detection
Very low impact on battery life
Runs in the background
No, ZERO pesky advertisments
...that left users were smitten with the new app, downloading it by the droves. Despite the cost, it quickly logged 10,000+ downloads in its first week, good enough for #1 on AppBrain's paid app charts.
Users were overjoyed at the simplicity of Virus Shield, giving it -- on average -- a 4.6 star rating . You just fired up the app and clicked the shield and an X icon changed to a check. And voilà, you were protected... right?
Well, not exactly.
's writer downloaded the app and decompiled it, which is pretty easy to do in Android with standard developer tools. What he found was that the app did have some of the features promised -- but basically just the ones that had nothing to do with security.
It's true it had no ads, and it likely used next to no battery life.
The issue was that it used next to no battery life because it was quite-literally doing nothing. The app appeared to have no real security features whatsoever, just feel-good 100-percent digital snakeoil.
II. Conned by a Kid?
Mr. Crider did not take this fabrication lightly. He wrote regarding the app's developer "Deviant Solutions":
This is fraud, pure and simple, and the developer "Deviant Solutions" potentially made considerable amounts of money based on a complete lie. We assume that a lot of the initial reviews were fake, but now that it's on the top of the charts, at least a few people will be buying it in the belief that it will protect them.
A post on Scythe -- an online gaming store suggests that a user with the same email as the Virus Shield developer ("Jesse_Carter@live.com") was
trying to scam users
out of virtual goods back in 2011 under the name InceptionDeception.
Mr. Crider writes:
There is no developer website listed on the Play Store, but
a quick search of the developer's email
, "Jesse_Carter@live.com," reveals very little information. What you can see is a banned account at Sythe.org, where the user "InceptionDeviant" is accused of trying to scam people out of various low-value game items. That's about all we could find.
We believe we've found a bit more.
A search with the original email turns up
an account on Powerbot
(a Runescape hacking site) from a male claiming to be 22. But further investigation indicates the master scammer was really just a 17-year old kid currently living somewhere in the Fort Worth area (these facts can be gleaned via his responses in the comments, as seen below).
his YouTube account
that he used to post Runescape hacking videos to. In fact it appears that Jesse Carter was actually one of the most famous scammer/spammer in the Runescape (RS) scene, going by the name "Deviant". He's perhaps most famous for his "WoodCutter" script, which many players used to cheat their way to cash.
Jesse Carter, from a video posted on YouTube
Now at the ripe age of 17 it appears that he's upgraded to fraud on Android, quite possibly making nearly $50K USD in the process (if AppBrain's estimates of 10k+ downloads are accurate). Unless, that is if another hacker stole his identity and the scammer has become the scammed -- also a real possibility.
III. Blame Goes to the Faker, to Google, and to Clueless Users Alike
Whoever the faker is the, the fact that over $50,000 USD were lost to a fraud artist is a pretty big concern for Android and raises some natural questions.
First, Android users are clearly aware of security risks, so why did they foolishly pay hard-earned cash for a supposed security firm that has virtually no web presence. The answer, in some cases may be that they confused Deviant Solutions (with an 's') with
The Deviant Solution Group
(DSG). The two appear to be entirely unrelated.
One key difference between the two is that the The DSG and Deviant Solutions is that the former is solely a third-party development hired hand. While its portfolio includes impressive products such as
, it registers these products under its clients' name on the Play Store. By contrast Deviant Solutions developed under its own name. Another key different that's now clear is that while The DSG provided apps that actually do something useful, where as Deviant Solutions specialized in apps that had no meaningful actions.
Lack of screening and scrutiny is putting Google's reputation at risk.
[Image Source: Google Reader]
Regardless, even if people stumbled across the Deviant Solution Group and mistook it for Deviant Solution
, you'd still think they'd be a bit wary of ponying up $4 USD for a security service with no dedicated website.
The report also raises question on Google's end. Apple, Inc. (
) has drawn criticism at times for watching the iTunes App Store like a hawk and
policing top ranked apps
signs of controversy
. At times it
goes too far
, certainly, but it does do a pretty good job making sure its users are stricken with such obvious fraud attempts.
Google's pre-screening has gotten much better
and relatively little malware slips through into Play Store, Google is perhaps too laissez-faire about not weeding out fakes from the ranks of its top apps.
If nothing else, the 859 KB size of the app package (talk about a lean antivirus program!), the fact that it asked for no network provisions, and its wild claims should have raised an eyebrow or two at Google. Or perhaps Mr. Carter's
Yolo Bilbo Swaggins
...should have raised an eyebrow or two. Instead Google appeared oblivious until Mr. Crider's excellent expose, at which point the ban hammer finally dropped.
"Uber SEO", aka "Yolo Bilbo Swaggins" measures in at around 700 KB, so if we had to wager a guess, it's probably safe to say that it's not doing a lot of SEO for you. Then again trusting an app called Yolo Swaggins to improve your web traffic would be kind of like trusting a security app with no public website... oh wait.
Virus Shield on Google Play [cached]
This article is over a month old, voting and posting comments is disabled
RE: How did Android get so bad?
4/8/2014 9:59:14 PM
We are talking about 4.x here. The surprising thing is that it actually hasn't gotten any better. The app gap is as big as its ever been, the OS is still laggy in UI and apps, so much so that editing applications aren't even doable, and so on.
Whats funny is that you guys were making the same defenses of 2.x back in 2011. Now you badmouth it to make it seem like Android is fixed. In two years you guys will be saying "4.x was bad but this time its ACTUALLY better". You are such a joke!
WP has problems with app selection but at least it is smooth and polished and doesn't suffer from the basic architectural issues that Android has. I really liked it and I hope it catches on for the sake of its software library.
I do NOT understand the fanaticism that Android has. It is so second rate. Its like seeing something passionately defending a Kia.
RE: How did Android get so bad?
4/8/2014 11:13:01 PM
"We are talking about 4.x here"
But you are wrong. What Reclainer said.
"You've failed here. Just shut up"
Seriously man, you are like arguing with a 12 year old know it all that knows jack shit. Your points are beyond ridiculous and vapid. a couple people complaining on a forum does not equal science.
RE: How did Android get so bad?
4/14/2014 6:05:52 AM
No, I linked to articles reinforcing that those have not been fixed. Any mobile developer will say the same thing, before diving into why Eclipse is such garbage compared to Xcode. You just choose t bury your head in the sand and say "But you are wrong" no matter what reality is.
You like the freedom in hardware configurations, and that's cool, even when your own G2 is "limited" compared to something like an S4 in options and features. Your refusal to accept Android's rough edges at all costs is standard console fanboy defense, except it's coming from a middle aged man instead of a 14 year old.
RE: How did Android get so bad?
4/8/2014 11:17:57 PM
Here... Your type of data.
100 million hits when searching for iPhone complaints. Wow, it must be a runaway disaster right?
Of course not, I just post that sarcastically to show how stupid you sound when you like 5x today post to some clowns on a forum complaining as evidence.
"If they're going to pirate somebody, we want it to be us rather than somebody else." -- Microsoft Business Group President Jeff Raikes
Apple Kills Last iOS Bitcoin Wallet App
February 6, 2014, 7:58 PM
Apple Continues Its “Google Cleansing” by Removing YouTube App in iOS 6 Beta 4
August 6, 2012, 3:02 PM
Android Malware "DDSpy" Pretends to be Gmail, Steals Phone Logs
June 7, 2012, 10:59 PM
McAfee Report Claims Virtually All Mobile Malware in Q3 2011 Aimed at Android
November 21, 2011, 12:45 PM
Developer Demonstrates Serious Security Breach in iOS, Apple Bans His Account
November 8, 2011, 9:06 AM
Report: Microsoft's Chinese Offices Raided
July 28, 2014, 9:16 PM
Cell Phone Unlocking Bill Heads to President Obama's Desk
July 28, 2014, 11:58 AM
T-Mobile CEO John Legere is on the Warpath Again; Introduces $100, 10GB Family Plan
July 28, 2014, 10:12 AM
Report: All 15" MacBook Pros to Receive 16GB RAM Standard Starting Tomorrow
July 28, 2014, 8:12 AM
Sony's Xperia Z3 Gets Detailed in Leaked Photos
July 25, 2014, 2:30 PM
Heavy Users of Verizon’s “Unlimited” LTE Data Could Soon See Targeted Throttling
July 25, 2014, 1:52 PM
Most Popular Articles
Ford Details ’15 F-150’s 325hp, 2.7L EcoBoost V6; Demonstrates 732-lb Weight Loss
July 22, 2014, 6:55 PM
Comcast Memo: Harassing Customers During Retention Calls Actually IS Our Policy
July 22, 2014, 5:19 PM
Kindle Fire Phone Review Roundup -- A Solid "Meh"
July 23, 2014, 2:09 PM
Windows 9 Will Merge Windows, Windows Phone, Windows RT in 2015
July 23, 2014, 3:33 PM
Russia Looks to Counter U.S. Sanctions With Bill Targeting American Tech Firms
July 22, 2014, 3:49 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information