Security seems to be non-existent on Google Play Store, as it is filled with fake apps. And a recent report by Symantec has shed light on over 150 Fake Jio apps that promise users to get free data, but just end up displaying ads instead.
These apps were developed under 21 different kinds of package name, all of them promising to offer free data to its users. However, whenever a user downloaded these apps, they would receive nothing but help app developers earn advertising revenue with the number of downloads and advertisement views.
Image Courtesy: Symantec
The reason it is attracting so many users on the Play Store is primarily because all the apps have the same logo as the original My Jio app. Moreover, with the name including the term 'offers', it is tempting enough for users to get lured into its trap and click and install them on their Android phone.?
What's worse is that when you boot the app for the first time, it looks awfully similar to the actual My Jio app, including the UI, the colour accents and the buttons, making it difficult even for responsible users to make out the difference.
Image Courtesy: Symantec
On the fake app, there's a dialog box which asks users to add their number to activate free data boost. After entering the number the app shows a loading spinner that states that a request is being made to check the server for the eligibility. Symantec's report reveals that upon looking at the app's source code, it shows that no real connections or processing is taking place. Moreover, a sleep timer has also been added to extend the spinner's time on the screen, keeping users glued to the display.
After a while, the app shows a pop-up which congratulates the user that they're eligible for receiving the offer and gives it a set of instructions to avail it.
It later asks the user to share the app with 10 contacts via WhatsApp to activate the offer, some apps even send a text message without the user's knowledge! The message consists of the download link for the malicious app. The final step in this mayhem is displaying of advertisements. A few variants of the app tricks users to click on the app whereas others keep on shooting out different web pages.?
From January to June 2019, these fake apps were installed on over 39,000 smartphones, with a majority of them from India. Users signed up with Jio Security were not affected by these apps.?
We strongly recommend and urge to stay away from apps that promise free data or other offers, unless it is not offered from official channels. Always install apps from trusted sources. Additionally, have a look at the comments section of the app to make sure it is safe to proceed with.?