The discovery was formally made by researchers from Zscaler ThreatLabz, but a close look at the app’s download screen would have revealed that something was amiss.
For starters, there’s no screenshot. By itself, that’s not necessarily a dead giveaway, but the app sells itself as being an Android System Update, and Google is not in the business of releasing such updates without the requisite screenshots.
Secondly, and perhaps even more compelling, is the fact that as increasing numbers of people downloaded the app, legions of them left negative reviews, stating that it didn’t make any new Android updates available and generally did not work as advertised.
Generally, people tend to rely on peer reviews like these as a barometer for whether they want to download an app for themselves, so it’s unclear why that wasn’t the case in this particular instance. It is possible that users, seeing a mention of Android updates, simply went ahead with the download in spite of the red flags that the negative reviews represented.
Whatever the case, the app has now been removed and is no longer available. That’s small consolation for the millions of users who have already been impacted, but at least it keeps the problem from getting any worse.
The moral of the story here is simple. Despite Google’s best efforts, malicious apps do occasionally wind up on the App Store. Due diligence is in order to be sure you actually want or need the app in question before diving in and grabbing it, and peer reviews should be an important part of that process.