The #1 paid app in the Google Playstore "Virus Shield" is a complete scam

Security is an important factor when it comes to technology, and in most cases you can never have too much. In 2014, our smartphones know more about us than we know about ourselves, and if malware were to creep onto our smartphones then we could potentially suffer some major consequences. As a result, like any reasonable person, we would look to secure our device. This is what Deviant Solutions, the creator of the current #1 Play Store app, decided to capitalize on.

No, ZERO!

Virus Shield claims it is an antivirus that "protects you and your personal information from harmful viruses, malware, and spyware" and "Improve the speed of your phone," and it does this all with one click. It also claims to have a minimal impact on battery, run seamlessly in the background, and if that wasn't enough, it also acts as ad-block software that will stop those "pesky advertisements." This app costs $3.99, has been on the Play Store for just under two weeks and has already had 10,000 downloads with a 4.5 star review from 1,700 people. 2,607 people hit the Google "recommend" button. This means that the app must be doing something right... right?

Unfortunately for the buyers, Android Police has discovered that all the app does is change a red "X" graphic to a red "check" graphic. Literally. The 859kb app doesn't protect, secure, or scan anything. More work went into the Settings menu than the actual "security" portion of the app, and it appears that thousands of users have been scammed out of their money.

For $3.99, you get to see the image on the left turn into the image on the right

In tracking down the creator, it appeared that the creator was a well known scammer who had been banned from forums for trying to scam people out of low-valued online game items.

This calls into question some concerns about the openness of the Play Store. Is a walled-garden approach where the app goes through a strict review process, similar to what currently takes place in Apple's App Store, a better model for smartphones? Or does the freedom that comes from Google's approach outweigh the negatives of a bad app creeping in every now and then?

Google has just taken down the app a couple of hours ago and the link now returns a 404.

Android Police have posted the full code on Github which you can access here.

Source: Android Police

Report a problem with article
Previous Story

Windows Phone 8.1's Word Flow feature breaks world record for fastest text on a touchscreen

Next Story

Qualcomm announces Snapdragon 810 and 808 64-bit processors

114 Comments

Commenting is disabled on this article.

techbeck said,
sarcasm i am assuming since scams/false apps like this have been reported on all app stores.

Not even close to the Ammount on android. Android is by far the most malware and virus infected mobile OS in the world.

stevan said,

Not even close to the Ammount on android. Android is by far the most malware and virus infected mobile OS in the world.

And not a single soul I know has encountered one. Stop crying "WOLF" so much just to make yourself feel better.

Nogib said,

And not a single soul I know has encountered one. Stop crying "WOLF" so much just to make yourself feel better.

And? It's no secret the Play store is a house of horrors. This isn't the first Android malware story, and I'm sure it won't be the last.

Nogib said,

And not a single soul I know has encountered one. Stop crying "WOLF" so much just to make yourself feel better.

I haven't met anyone either but still doesn't change a fact.

Dot Matrix said,
And? It's no secret the Play store is a house of horrors. This isn't the first Android malware story, and I'm sure it won't be the last.

House of horrors? Not even close. Likes saying every Windows release is a house of horrors. Malware is not a huge issue on Android as people make it out to be. Normally only ones complaining are the antis.

I've never seen any malware either nor do the many of the people I know wit Androids. Not saying they dont exist, but again, people making way to big a deal out of it.

I wouldn't be surprised if Deviant were paying shills/scammers to write good reviews to get the app to No.1. It's all too easy to write an app that LOOKS like it does something, to fool non-tech users. It's another to profit from it or pay other scammers to write 5 * reviews. They probably made double what they pay out to fake reviewers by selling the "app".

It's happened before. Belkin even did something similar with a physical product of theirs, the product was so awful they had to pay people to lie and promote it positively.

I'm sure this is just the start of Android's issues. Windows had so many virus problems because it dominated the personal computing market. Now personal computing has gone mobile and Android is dominating. They will face similar issues in the coming year. And considering how open Android is, the consequences will be bigger than on Windows.

People don't understand that currently there are more "dumb" smartphone users than "techy" ones. Waaaaaay more. Apple always got my respect for developing their ecosystem for the "dumb" users. And I'm in no way trying to insult anyone.

stevan said,
People don't understand that currently there are more "dumb" smartphone users than "techy" ones. Waaaaaay more. Apple always got my respect for developing their ecosystem for the "dumb" users. And I'm in no way trying to insult anyone.

They didn't do a good job with the iTunes store then. I'm pretty proficient from a technical point of view and I still find myself lost or confused when try to use it...or pay for something.

PhilTheThrill said,
They didn't do a good job with the iTunes store then. I'm pretty proficient from a technical point of view and I still find myself lost or confused when try to use it...or pay for something.

...how? Android and iOS app stores are quite similar in functionality...

I never install anything on any device without first knowing what it is im installing! Spending a few minutes on the web researching uncovers most scams, and its not difficult to find out who the more reputable software devs are.

As also said above, plenty of free genuine stuff without having to pay for fakes!

I'd pay for an app every day of the week than to have this freemium garbage where you accidentally click a button and get dragged out of the app to some sketchy site.

(sorry, was just incredibly frustrated yesterday trying to add functionality on my Android phone when I ran into this crap)

dead.cell said,
...

Agreed.
Since WP is mainly Ad supported trials with paid versions that remove advertisements, I've thrown more money at app devs than ads clicked.

My battery thanks me.

So funny :) 2,607 retards... This is likely to happen when people download apps from unknown/untrusted publishers.

I've been using "Lookout" for 3 years now, and it's worked great. It's also free.
I've had Kaspersky (it's on my desktop and laptop) and BitDefender as well.

Doesn't this happen in all the app stores from time to time?

It's just unfortunate for Google that this particular scam was so successful and therefore high profile.

I've been antivirus free on my computer and phone for years now. Just have to be not retarded. But i Guess if you have kids using the machine it need it, god knows what i did when i was one and smartphone didnt exist lol

Oh i love my nexus 5,gotta like pure Android..

And that's why freedom isn't for everyone. You can't protect idiots and naives against themselves. Yet, I still prefer the openness of the Play Store to the artificial barriers of the Apple Store

Maybe I am missing something obvious, but isn't it a bit ironic that the user base of Android often consists of people hating Windows for e.g. need of virus protection, crashes etc. but have no problem installing virus protection on their Android-phone?! Not saying it's wrong, just a bit ironic.

Pettor said,
Maybe I am missing something obvious, but isn't it a bit ironic that the user base of Android often consists of people hating Windows for e.g. need of virus protection, crashes etc. but have no problem installing virus protection on their Android-phone?! Not saying it's wrong, just a bit ironic.

The people you're referring to are iPhones users, not Android users ;)

Windows and Linux users in general prefer Android phones for their openness

No, only on the internet do people care about such trivial stuff. Remember that internet communities do not reflect reality.

People buy Android phones because their cheaper more than anything, or otherwise want a bigger screen. Having options like a MicroSD card is sometimes brought up, but otherwise, very few ever mention "openness".

How about widgets? The ability to customize your home screen to serve useful information instead of just ugly icons cluttering up four hundred homescreens? Sideloading of applications? .... the list goes on.

As an Android user myself, those are nice features but again, that isn't often why people buy an Android phone.

If I showed you two phones, one which has a smaller screen where you pay X amount with a 2 year activation versus paying nothing and having a phone that does similar things with a bigger screen... isn't the choice then obvious?

If we were talking Linux users alone, then yes, I might buy that. Windows users are quite simply too diverse though for me to believe that there's a real correlation there.

lol wow thats crazy, a lot of apps slip through the cracks with android. They need to get a better system to verify apps and stop they fakes and duplicates. seems like its too easy to get an app in the store. They better refund those people as well.

I suspect google does this on purpose. by turning a blind eye to scams, copyright infringement, etc, it simply furthers android adoption.

neonspark said,
I suspect google does this on purpose. by turning a blind eye to scams, copyright infringement, etc, it simply furthers android adoption.

Wow, really? funny.

I wasn't surprised at all basically because the Android ecosystem itself is vulnerable to viruses, malwares, trojans, ... name-it-all, so.

Hethler said,
I wasn't surprised at all basically because the Android ecosystem itself is vulnerable to viruses, malwares, trojans, ... name-it-all, so.

Have you had that paranoia checked? I've run Android devices for four years now and encountered NONE. Same thing with Windows, never had a single virus or malware in my life. It isn't that hard people!

But. But. But, quite a few people here on Neowin taught me only iOS users are sheep mindlessly buying stuff. Now there's an article on the main page about Android users not only buying a truly worthless product en masse, but actually recommending it to others too. It's the world upside down! :cry:

Enron said,
And quite a few people here on Neowin told me I'd be safe if I only got things off the Google Play store.

to be fair, your safety wasn't compromised in any way. It just do anything so your $4 out of pocket for a feeling of extra security.

That's you are safe if you get things of the play store, the app doesn't do anything to make you unsafe. just lightens your wallet a bit lol

joemailey said,
That's you are safe if you get things of the play store, the app doesn't do anything to make you unsafe. just lightens your wallet a bit lol

That's generally what malware wants to do - get money out of you by selling you something you don't need, or serve you ads, monetizing the victim. Google Play just made it easy for these scammers to achieve their goal.

Well at least the App did a few things it promised, no adverts and low impact on the battery since it didn't actually do anything.

Funny how 800+ people left good reviews like "phone seems to run faster", Placebo effect they call this in medical terms when people take sugar tablets thinking they're the real thing.

ive had two android phones and i dont think i like anything about them anymore

im thinking of getting either a windows phone or firefox os, which one would be of higher quality?

garou_heki said,
ive had two android phones and i dont think i like anything about them anymore

im thinking of getting either a windows phone or firefox os, which one would be of higher quality?

Windows Phone of course.

with 8.1 and all its new features along with Cortana its a no brainer, unless you dislike WP for some reason in particular, its your phone and choice after all.

yowanvista said,
The iPhone is by far the best choice when it comes to premium quality.

I'll agree but then as with all Apple products your made to pay for that premium. I can't mentally justify paying double the cost of a Nexus 5 for an iPhone 5S. Certainly its a better build but is it twice the build of a Nexus 5? I think not.

yowanvista said,
The iPhone is by far the best choice when it comes to premium quality.

well there is a subjective statement, quality wise i don't see much if any difference in quality between iPhone and top end lumias, or even some top end androids.

i would discount the androids based on the subject of this thread and my point above.

so as i personally prefer the wp OS (which will be adding some serious features very soon) my statement is "The top end lumias are by far the best choice when it comes to premium quality"

but of course i know the iphone is a quality device (measuring here purely on build quality and other none subjective points), i just prefer the look and feel and usability of wp, as you obviously prefer the iphone.

SK[ said,]

I'll agree but then as with all Apple products your made to pay for that premium. I can't mentally justify paying double the cost of a Nexus 5 for an iPhone 5S. Certainly its a better build but is it twice the build of a Nexus 5? I think not.

i feel the same. iPhone 4s is my phone of choice. perfect choice for getting IOS, quality phone, for 1/2 the ridicules price of the newest model.

My 16GB iPhone 4S cost me £499 over 2 years ago (I think the 32GB was £599). The Nexus 32GB cost me £339 three months ago. That's quite a difference in price.

yowanvista said,
The iPhone is by far the best choice when it comes to premium quality.

I'd have to say meh. Not worth the premium... and definitely not worth supporting Apple's walled garden.

If I was to rule out Android, I'd go Lumia all the way. I was actually close to getting one when the Note 2 came out. Apps where what kept me on Android (and is what will keep on Android when I get my S5 in the near future).

I don't think I could make myself pull the trigger on a Firefox phone... I'd have to see one and be completely wowed. They'd have to prove they'd support the phone for 2+ years as well, which to many companies don't do...

Can't say I'd trust a bit player (Firefox?

SK[ said,]My 16GB iPhone 4S cost me £499 over 2 years ago (I think the 32GB was £599). The Nexus 32GB cost me £339 three months ago. That's quite a difference in price.
holy crap! only $300 CAD brand new here, no contract, just buy. If a person doesn't mind, used is only $150 CAD

wernercd said,

and definitely not worth supporting Apple's walled garden.

QFT! Nobody should be suckered into iCrap!

Nogib said,

QFT! Nobody should be suckered into iCrap!

for everyone that i have encounter that says that, they have never had a iphone. Always just young teens trying to be cool... are you a teen trying to fit in and be cool on neowin? its ok if you are, as you age you start to learn to like things for what they offer you and you ignore what all the other "cool" kids say.

I think there should be also a team checking for the software on the play store. Analyzing what it does and whatnot. I know it takes time, resources and there's plenty of submissions everyday. But still, better than nothing or just Google Bouncer.
Also, those reviews.. sometimes I'm skeptic when reading those.. I guess there's a reason behind it. How do they rate a five star app that does nothing? It's not like the app detects something suspicious and removes it.

Edited by MidnightDevil, Apr 7 2014, 8:06am :

but they've made their bed and have to lay in it, changing now would (IMO) require them to go over all existing apps OR force devs to resubmit via the walled garden approach, which would also be a mountain of work.

This is why people feel they need an AV on android, this and being able to easily side load (I know its contentious, but putting the responsibility in the user is a guaranteed way of making things insecure due to the vast majority ignoring warnings based on the promise of 'stuff').

I feel the iOS and WP solutions far better, it protects from the ground up against scams and viruses and the user doesn't have to know anything, they cant make a mistake or be enticed into making their phone insecure.

duddit2 said,
I feel the iOS and WP solutions far better, it protects from the ground up against scams and viruses and the user doesn't have to know anything, they cant make a mistake or be enticed into making their phone insecure.

Didn't a whole bunch of fake Google apps pass through WP store approval system? Wouldn't those apps qualify as scam? More so when they were paid apps.

ichi said,

Didn't a whole bunch of fake Google apps pass through WP store approval system? Wouldn't those apps qualify as scam? More so when they were paid apps.

Yes, but people always "forget" that issues like this exist on most/all systems and are hard to control.

ichi said,

Didn't a whole bunch of fake Google apps pass through WP store approval system? Wouldn't those apps qualify as scam? More so when they were paid apps.

This doesn't ring a bell for me, not saying it didn't happen but can you provide links? I'm interested in knowing more about this.

ichi said,

Didn't a whole bunch of fake Google apps pass through WP store approval system? Wouldn't those apps qualify as scam? More so when they were paid apps.

The sad truth is, there are more scam apps posted too Google Play on a daily basis, than have ever made it through Apple or MS's review processes.

Mistakes DO happen, can't deny it, but to take take the handful of examples from one platform, and put them against the ongoing issues in the Playstore it a bit of a farce.

Would be like saying the Police can't stop all crime, so just stick with Anarchy..

Ryoken said,

The sad truth is, there are more scam apps posted too Google Play on a daily basis, than have ever made it through Apple or MS's review processes.

Mistakes DO happen, can't deny it, but to take take the handful of examples from one platform, and put them against the ongoing issues in the Playstore it a bit of a farce.

Would be like saying the Police can't stop all crime, so just stick with Anarchy..

The original statement was that the iOS and WP solutions were better.

iOS approval system is definitely more strict, which might be good or not depending on your preferences but it at least guarantees some higher control over what gets in the store.

WP on the other hand... it's quite recent compared to Google Apps or the iOS store, but letting obvious fakes in doesn't inspire much confidence in their approval system. I mean, it's not another flappy bird clone, they are apps violating not only the trademarks of the apps but also with devs posing as Google Inc themselves.

Microsoft's statement after the removal of said apps imply that it's up to devs to police infringement and notify for removal.

http://thenextweb.com/microsof...r-approval-process-problem/

This Google apps incident isn't a one time isolated issue either: http://www.techienews.co.uk/97...ore-plagued-junk-fake-apps/

Then again maybe MS is doing a better job at policing their store than Google, I don't know, but still saying that "the WP solution is better" doesn't seem to ring true since it looks like the exact same solution as that of the Play Store.

ichi said,
...
I'll openly admit to not being as familliar with MS's process as Apples.

That said, I haven't heard of any Malicious Apps making it into the MS store, where as several have made it into the Google Play store..

I'd take a hundred apps that do nothing but pose as someone else, over one that actually does something bad.

Ryoken said,
I'll openly admit to not being as familliar with MS's process as Apples.

That said, I haven't heard of any Malicious Apps making it into the MS store, where as several have made it into the Google Play store..

I'd take a hundred apps that do nothing but pose as someone else, over one that actually does something bad.

Well, of course, no one likes nasty things running on his phone.

IIRC over 95% of all the mobile malware is targeting Android, with about a 0.1% of short lived infected apps making it to the Play Store.
When (and if) malware begins seriously targeting WP we will be able to see if Microsoft's policies and security measures on their store are really working.

The only fact right now is that WP enjoys a similar security status as Linux on the desktop: it might get worse if marketshare increases, or it might not, but as of now you are safer on that platform.

But then the article is about scams, not actual malware, and there's plenty of that on the WP store. Even if their anti-malware policies turned out to be really strong, their filtering for fake apps and scams certainly doesn't seem to be working all that well.

Those WP fake apps are not known to be malicious, but lots of them are about $2.

Yes the walled garden is better, it doesn't necessarily hurt the platform, iOS users are not missing out on anything by the App Store not being open, on the flip side they are generally protected from this sort of rubbish and malware/viruses in general.

Uplift said,
Yes the walled garden is better, it doesn't necessarily hurt the platform, iOS users are not missing out on anything by the App Store not being open, on the flip side they are generally protected from this sort of rubbish and malware/viruses in general.

Not missing out? Tons of apps won't get through review. What about alternatives to Apple's apps? "Dirty" apps (porn drives the internet... )? Apps that get denied for no reason given leaving the app developer in limbo? Inability to customize huge swaths of the iPhone experience?

And generally protected? Most of the time, there are more than a few jailbreaks out, and they normally don't take long to surface after an update. Know what that means? Holes being abused. Abused by the "good guys". Oh... and the whole certificate fiasco (NSA says hello).

And there are more than a few examples of dodgy apps making it unto the app store.

All in all... The iPhone's walled garden isn't "better". It's different. (and it's "magical"!!!).

Google's approach is more wild-west'ish... but if you stay off of custom APK's and pay attention to reviews, it shouldn't be any worse. Bad apps will get removed as they get noticed. Just like on the iStore. And in the end, you have more control of your device.

As a power user, I couldn't stand the iPhone when I had it (3GS, back when it was arguably the best). Now that they have fallen behind? Forgetaboutit.

Android gets 97% of malware (http://tech.fortune.cnn.com/20...enterprise-android-malware/).
And iOS users are not missing out on anything. If you really want porn, there's the Internet for that (no need for an app). And there are a lot of alternative to Apple's apps. On my iPhone my main browser is Chrome, I use the Yahoo! weather app and since Apple maps are totally useless where I live, I use Google Maps exclusively.

Uplift said,
Yes the walled garden is better, it doesn't necessarily hurt the platform, iOS users are not missing out on anything by the App Store not being open, on the flip side they are generally protected from this sort of rubbish and malware/viruses in general.

Related / Slightly off topic - This is the reason why game developers have been vocal about Windows 8 and the changes / direction Microsoft is going now. They fear MS doing this and losing windows opening to just install anything (which 8.x is at the moment).

I have a lumia 520, and can't help but find "fake" apps for one's that don't exist. That's not to say there's great apps for Windows Phone, especially Nokia and MS created apps.

Honestly, why not both models? I recommend a process where devs can go through a screening process, maybe even for a small fee, and if approved, get some sort of google verified check mark that consumers can see and will know that that app is the real deal. the normal process is still there and consumers can still choose to get those apps as well but verified apps simply guarantee quality.

Hum said,
But who is going to verify 1000's of apps ?

If there was a small fee to get approved, then this could all go towards hiring a small team to do it. Or perhaps crowdsourcing using some kind of device emulator and paying regular people to do it, and then comparing 2-3 people's responses to avoid fraud.

Devs already pay an annual $99 fee, just like the Apple App store. Many small time dev's wouldn't choose this option as they wouldn't see the return. This would only attract the big guys who constantly get in the top rated charts.

djdanster said,
Devs already pay an annual $99 fee, just like the Apple App store.

On Android? It's a one time $25 fee AFAIK.

The AVG one is awesome, I've seen prevent dodgy apps on my Nexus from running but it's tracking features and lock down if lost is worth every penny.
No doubt the likes of Kaspersky and other AV products are worthy.

Sarm said,
The AVG one is awesome, I've seen prevent dodgy apps on my Nexus from running but it's tracking features and lock down if lost is worth every penny.
No doubt the likes of Kaspersky and other AV products are worthy.

You can track, lockdown and erase your device for free using Android Device Manager from Google: https://www.google.com/android/devicemanager

Hum said,
So which android AV app is not a scam ?

I use this really cool one called Virus Shield =). Its like 3 or 4 dollars but it makes me feel more secure.

What exactly do you mean by "openness of the Play Store" as opposed to "a walled garden approach"? What sort of review does Google even do then, when obvious crap like this gets by them so easily?

Romero said,
What exactly do you mean by "openness of the Play Store" as opposed to "a walled garden approach"? What sort of review does Google even do then, when obvious crap like this gets by them so easily?

This may help explain what a walled garden is in this context: https://en.wikipedia.org/wiki/Walled_garden_(technology)

Re: Google's review process: they use an automated scanning feature called Google Bouncer that checks for malicious apps, however its not bullet proof. The overall concept depends on the users themselves submitting feedback about the quality of the app. In this case, the result was placebo, so people still gave it positive feedback.

Hello,

Keeping in mind that it's notoriously hard to test anti-malware software anyways, the Google Play Store's Bouncer system doesn't test a program's suitability or usefulness, as far as I know. It just checks for malicious behavior. In the case of "Virus Shield," the program doesn't actually appear to do anything at all, so there's no "bad action" for Bouncer to flag.

FakeAV programs have been a problem on the Windows side for quite some times, and there was even a spate of them on OS X a few years ago. That it's made the jump to Android shouldn't be surprising...

Regards,

Aryeh Goretsky

Romero said,
What exactly do you mean by "openness of the Play Store" as opposed to "a walled garden approach"? What sort of review does Google even do then, when obvious crap like this gets by them so easily?

Obvious crap gets by all app stores. WP had a bunch of fake Google apps posted not that long ago. iOS had their issues to. No approach will be perfect and things will be missed.

Romero said,
What exactly do you mean by "openness of the Play Store" as opposed to "a walled garden approach"? What sort of review does Google even do then, when obvious crap like this gets by them so easily?

Who caught it?
The placebo effect can be a cruel thing huh?(see the reviews)

techbeck said,
Does it matter?
Yes, it does. The organization running any Store should be the one catching things like these before scores of customers get defrauded and probably never compensated.

Romero said,
Yes, it does. The organization running any Store should be the one catching things like these before scores of customers get defrauded and probably never compensated.

Stores, companies, a lot of the times are not the ones that find this. They are reported and why companies have a reporting structure and in some cases, will reward people for finding issues and vulnerabilities.

techbeck said,
Stores, companies, a lot of the times are not the ones that find this.
And that's what I'm saying, they should invest so the very first line of defence is strong. The current Bouncer system doesn't seem to be all that great.

Romero said,
And that's what I'm saying, they should invest so the very first line of defence is strong. The current Bouncer system doesn't seem to be all that great.

I believe the bouncer system was to detect malware. Technically, this isnt malware. Sure, there is room for improvement but not without putting up the walls.

@duoi, kudos for putting in a link to Wikipedia that doesn't actually do anything, in regards to an app that doesn't actually do anything.

First class!

As @duoi's empty Wikipedia page suggests (Wikipedia requires actual non-hysterical sources), “walled garden” is pretty much exclusively an Android knock on Apple's store policies. Many Android partisans continue to echo the term even though Google now attempts to perform many of the same integrity, validity and suitability checks that they previously slammed Apple for.

Android remains more open in that it's easier to “sideload” apps that either never were submitted to Google Play, or were banned. If it's true that the source code to this scam has been released, you could even download it and use it as a test bed for your own non-functional apps, possibly re-submitting to get around the ban mentioned in the article.