Potentially spurred by the ubiquitous reports of Android malware lurking around the Google Play store in vast numbers, 30,000 Android owners downloaded the app for $3.99, sending the app to the top of the paid app downloads and provoking the Android Police to take a closer look at it. On April 6, Google yanked it from the store. Presumably, the consumers remained unaware that the app actually doesn’t do anything other than put money into fraudsters’ pockets – considering that it had a 4.7-star rating.
According to Michael Crider of the Android Police, the app description said it "Prevents harmful apps from being installed on your device," "scans apps, settings, files, and media in real time," and "protects your personal information." Oh, and it has a low impact on battery life, and has "No, ZERO pesky advertisements!"
Of course, it's a complete and total scam. “We don't mean in the slightly skeevy way that some anti-virus and general security software overstates dangers and its own necessity,” Crider said. “We mean it's literally a fake security app: the only thing that it does is change from an ‘X’ image to a ‘check’ image after a single tap. That's it. That's all there is, there isn't any more."
The developer is a supposedly real company called Deviant Solutions that can be tracked down, but it’s unlikely that any of the fraudsters will be brought to justice. Founder Jesse Carter surfaced in an interview with the Guardian, explaining the whole thing as “a foolish mistake.”
"One of our developers simply made a foolish mistake," Carter told the Guardian. "The app version that was decompiled by Android Police was not intended to be released. It was an early placeholder that our UI designer created. There was a mix-up between the version that contained the antivirus code for our app."
Apparently, foolish mistakes aren't unusual for Deviant. The Android Police noted that the email Deviant used in Google Play for the Virus Shield app, Jesse_Carter@live.com, is also linked to a banned account at Sythe.org, “where the user InceptionDeviant is accused of trying to scam people out of various low-value game items,” Crider explained.
Typically, Google takes a caveat emptor approach to mobile sales, offering only a 15-minute refund window for app purchases. In this case, it’s issuing full refunds and throwing in a $5 Play Store credit to stave off customer churn.
“Google Play's policies strictly prohibit false claims like these, and in light of this, we're refunding you for your ‘Virus Shield’ purchase. You should see funds returned to your account within the next 14 days,” the company said in an email to customers. It added, somewhat sheepishly, “We're sorry for any inconvenience this may have caused; rest assured that we're always working to make Google Play better for our users.”
For Google, the cost will work out to be around $269,000 – a drop in the bucket for the search engine giant.