Fake Samsung Update app has millions of downloads, report finds
COPENHAGEN, DENMARK — A new report by the CSIS Security Group has found that "Updates for Samsung," a third-party app on the Google Play store, had been misleading users into paying for software updates on their Samsung phones.
The app had more than 10 million downloads before it was taken down last week, USA Today reports.
According to the report, once the app is downloaded, it takes users to its website, 'updato.com.'
The website allows users to search for specific firmware, then asks for their credit card information and charges a fee of US$34.99 for an annual subscription to Samsung software updates.
The site offers free updates as well.
However, the report found that free downloads are limited to a rate of 56 KBps and eventually time out.
This happens despite the fact that Android phones offer free software updates on all their devices.
Bleeping Computer reports that the app had clearly stated in its description that it is "not affiliated in any way, shape, or form with Google Inc or Samsung Electronics."
CSIS Security Group malware analyst Aleksejs Kuprins told ZDNet that the app didn't carry out malicious tasks on the device.
Kuprins said the website displayed "a lot of full-screen advertisements, almost after every other tap on the screen."
In a statement to Bleeping Computer, Updato's app developer said they aggregate software updates "for the convenience of our audience," adding that, "Our database allows people to easily search for firmware in any location for any version for any device."
Updato told Bleeping Computer that the app was taken down to make adjustments, while Google says it had suspended the app for violating Google Play Developer Policies.