A basic wallpaper app dressed up into a COVID-19 info app

Posted by Roxane Suau on April 16, 2020

In those troubled times, the world population demonstrates each day an unprecedented outpouring of solidarity, goodwill and aid. Unfortunately, the Covid-19 pandemic might also be leveraged as a business opportunity as per the following example.

 

head_pic_covid_wallpaper2

 

The Pradeo Lab identified that a common wallpaper application released since February with several versions is disguising itself as an application claiming to protect ourselves from the Coronavirus. By keeping the same package name, the editor ride the wave of Covid-19 to generate downloads of its application and, thus, profits.

 

A quick redesign under the same package name

At a the first glance, the Covid-19 info application fits the purpose presenting three topics about the pandemic and an incongruous “Themes” mention at the bottom of the page.

 

covid_wallpaper_home

 

But, having a closer look, the topics turn out to point to known general news or Covid info websites being Yahoo news, Johns Hopkins University Covid-19 map as reported in our automatic app security analysis and duplicated content of the World Health Organization website.

connections_covid_wallpaper

 

Ultimately, prompted notifications, don’t leave any doubt on its real purpose when promoting free and paid wallpaper themes.

covid_wallpaper_notific

 

If the application was a bit reshaped and changed its name, version and description, the package name still remain the same cumulating downloads.

 

Generate downloads on the Google store through Covid

The application has always been dedicated to provide wallpapers and the developer is a designer who published a set of various applications all dedicated to graphic supports.

Focusing on versions published over the last months, the application went back and forth from its true nature to a Covid branded app.

 

koodous_screen_apps

 

As a result, the underlying objective of such disguising is to target a “trendy search” to drive downloads of the application generating a direct profit through ads and potential paid themes but also indirect benefits by improving the app ranking on the store, and therefore downloads when featuring back to its true nature.

 

Key takeaways

If this intentional misleading is benign, it demonstrates how a common application can easily trick a user on its true purposes.

At the time when mobile usages are skyrocketing due to Covid-19 pandemic situation, personal and corporate data protection can only be strengthened relying on an adapted and dedicated mobile threat defense solution.

 

 


In this context of global health crisis, Pradeo supports companies by offering its mobile security services for free until June 1st 2020. Request for free services here.

To know more on the hidden side of Apps, join our upcoming webinar that will showcase behaviors and vulnerabilities of a famous food delivery app.

 

Topics: News, Mobile Application Security