Security researcher Aleksejs Kuprins of CSIS Security Group recently discovered an Android app that allegedly provides firmware updates for Samsung users.
The app is known as Updates for Samsung – Android Update Versions, and it has more than 10 million installations on Google Play Store. Needless to say, the app is suspicious as it takes users to a website covered in ads.
More about the Updates for Samsung Android App
This is how the app look like:
The app claims to provide firmware updates for Samsung users, but instead of doing so, it redirects users to a website that features a large number of ads. Furthermore, the app claims to provide both free and paid firmware updates, which are divided into two sections. More than 10 million users have already installed Updates for Samsung via Google Play Store.
The purpose of the application is to obtain the user’s credit card details, as explained by the researcher in a Medium post:
Besides being stuffed with advertisement frameworks and not being affiliated with Samsung (yet distributing their firmware), the app offers paid subscriptions for the downloads of the said firmware. A user can get an annual subscription for Samsung firmware update downloads for a small fee of $34.99. Interestingly, that doesn’t happen through the official GooglePlay subscriptions. The app simply asks for your credit card info and sends it to an API endpoint under updato[.]com over HTTPS.
It is interesting to note that the free updates have a download speed of 56 KBps, but they eventually fail to complete and prompt the users to subscribe for an annual fee of $34.99. The Updates for Samsung app also utilizes its own payment method instead of the official Google Play subscriptions, and that’s why it’s asking for credit card data.
Another suspicious service offered by Updates for Samsung is SIM card unlocking services at the price of $19.99. The only good news here is that the researchers haven’t discovered any malware-related activities stemming from the app.