In those troubled times, the world population demonstrates each day an unprecedented outpouring of solidarity, goodwill and aid. Unfortunately, the Covid-19 pandemic might also be leveraged as a business opportunity as per the following example.
The Pradeo Lab identified that a common wallpaper application released since February with several versions is disguising itself as an application claiming to protect ourselves from the Coronavirus. By keeping the same package name, the editor ride the wave of Covid-19 to generate downloads of its application and, thus, profits.
A quick redesign under the same package name
At a the first glance, the Covid-19 info application fits the purpose presenting three topics about the pandemic and an incongruous “Themes” mention at the bottom of the page.
But, having a closer look, the topics turn out to point to known general news or Covid info websites being Yahoo news, Johns Hopkins University Covid-19 map as reported in our automatic app security analysis and duplicated content of the World Health Organization website.
Ultimately, prompted notifications, don’t leave any doubt on its real purpose when promoting free and paid wallpaper themes.
If the application was a bit reshaped and changed its name, version and description, the package name still remain the same cumulating downloads.
Generate downloads on the Google store through Covid
The application has always been dedicated to provide wallpapers and the developer is a designer who published a set of various applications all dedicated to graphic supports.
Focusing on versions published over the last months, the application went back and forth from its true nature to a Covid branded app.
As a result, the underlying objective of such disguising is to target a “trendy search” to drive downloads of the application generating a direct profit through ads and potential paid themes but also indirect benefits by improving the app ranking on the store, and therefore downloads when featuring back to its true nature.
If this intentional misleading is benign, it demonstrates how a common application can easily trick a user on its true purposes.
At the time when mobile usages are skyrocketing due to Covid-19 pandemic situation, personal and corporate data protection can only be strengthened relying on an adapted and dedicated mobile threat defense solution.
In this context of global health crisis, Pradeo supports companies by offering its mobile security services for free until June 1st 2020. Request for free services here.
To know more on the hidden side of Apps, join our upcoming webinar that will showcase behaviors and vulnerabilities of a famous food delivery app.