10 million Android users tricked by "Updates for Samsung" app

Android application claims to update Samsung firmware but instead shows ads and demands money

Google Play app "Updates for Samsung" downloaded 10 million times. The deceptive firmware update app for Samsung phones was downloaded by 10 million Android users.

Yet another application on Google Play has come under the scrutiny of security analysts. This time, malware researcher Aleksejs Kuprins[1] from CSIS Security Group published a report about a deceptive app, “Updates for Samsung,” which is allegedly designed to automatically update firmware[2] for Samsung smartphones free of charge. Instead, the application redirects users to an ad-filled website that asks them to pay for working patches.

The developers of the app take advantage of the fact that users are not always capable of finding the correct firmware and software updates for their Samsung phone model, so an application that does this for them looks like an excellent choice to many.

Approximately 10 million Android users have installed “Updates for Samsung” so far. Kuprins said that the app, while not malicious, uses deceptive methods and tricks to make users pay for firmware updates that come not from the official source but from the updato.com domain:[3]

Although not malicious in the traditional meaning of that term “Updates for Samsung” does not seem to offer users much of value besides a lighter wallet and as such highlights the risks of ignoring the fine print.

Developers use shady practices to make users pay for app's functionality

The app grabbed the attention of Aleksejs Kuprins due to its large number of downloads, and the reason for that is the name itself – “Updates for Samsung.”[4] Without a doubt, many would immediately assume that the app is legitimate and comes from Samsung itself (evidently, that is not the case).

As soon as “Updates for Samsung” is opened, it starts displaying a large number of full-screen advertisements in a WebView window under the domain name updato.com, which usually shows Android-related news. Nevertheless, users who are interested in updating their Samsung phones can search for the appropriate updates via the app.

Once found, users can download updates for free, but the download speed is limited to a bare minimum of 56 KB/s, which comes down to four hours of download if the patch is approximately 700 MB large. However, during the tests conducted by Kuprins, the download simply froze at some point and could never be completed, even with a stable connection.

This simple trick pushes users to opt for the paid option, which offers a yearly subscription for $34.99. However, the payment is not carried out via the official Google Play store; instead, users are prompted to enter their credit card details directly, which can compromise users' security. This is not surprising, as the app is not affiliated with Samsung in any way, despite offering firmware and software updates from the hardware maker.

Modern day electronic scams hide behind legitimate claims

Advertising is one of the most lucrative businesses in the world, and, while companies need it to promote their products or even to exist, deceptive marketing campaigns encourage unfair practices while pushing dodgy products or services.

Many applications on Google Play or the Chrome store claim to be absolutely free, although that is rarely the case (in-app purchases or intrusive ads make the app pay for itself). Consumers are quick to grab something useful, although they seldom realize that they are simply being tricked by empty promises. Therefore, find an application that works and pay for it – software developers cannot work for free. For that, you will receive adequate functionality and full support without tricks.

“Updates for Samsung” is one of the best examples of unfair and deceptive marketing that should not be allowed on official sources, even though the application is not directly malicious. Google, which previously had to remove numerous malicious apps from the official stores,[5] is yet to respond to the security expert's findings.

While software and firmware updates might be confusing, trusting original sources is always recommended. To update your Samsung smartphone, go to Settings > About phone and locate the Software Update option to download the latest firmware and software.

About the author
Gabriel E. Hall

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
