What's easier than developing an antivirus application and selling it to consumers? The answer: not developing an antivirus application and still selling it to consumers. That's exactly what happened when Android app developer Deviant Solutions sold a snake oil antivirus application to Android users for $3.99 each.
Virus Shield was exposed on sub-reddit /r/badapps where it received significant attention and was eventually removed from Google Play, but not before Virus Shield was purchased by tens of thousands of Android users, it became the #1 ranked new paid application and #3 ranked paid application overall. With so much fan fare, and so quickly, this must be some outstanding antivirus protection, right?
Of course not. We wouldn't be discussing Virus Shield if something wasn't badly wrong. This fake antivirus application advertises it's capable of scanning applications, settings, files and media for malware signatures and protecting the device, but Virus Shield does none of these things.
Instead, Virus Shield displays a screen that states "Scan in progress." A progress icon is displayed but no scanning is taking place. This continues until finally the application displays "Scan complete," and assures the user "Your device is secure." The only other activity this fake antivirus application completes is to change "X" icons to "✓" icons, indicating files have been "scanned" and are secure. All that protection for only $3.99, what a bargain!
This isn't the first time this developer, or developers, has attempted to scam unsuspecting customers. The email address associated with the Deviant Solutions developer account (Jesse_Carter@live.com) is also associated with another banned account on website, Synthe.Org. The associated Synthe account, InceptionDeviant, was banned for attempting to scam users out of "various low-value game items."
There are few individuals who deserve honorable mention for exposing this fraud. Obviously the original reddit user who exposed Virus Shield, /u/jt121, deserves praise. Michael Crider of Android Police should also be given a high five for his in depth analysis.
We speculate that Google may issue refunds to the victims of this fraud. Google withholds payment to developers for approximately 30 days, Virus Shield was removed just a little more than a week after it was published. The money the developer earned is likely being withheld and should, in theory, be returned to victims.
A Few Rules to Follow
When downloading applications from any Android app market, including Google Play, be sure to research the application and developer prior to downloading. Specifically for Android antivirus apps check out AV-Test.org for rankings and reviews. Search for a developer website, social media accounts, and customer support contact details to verify the legitimacy of application developers.
According to a British newspaper called The Register, Google will be refunding all users who purchased the applications. Downloads of the fake anti-virus application reached somewhere in the range of 30,000 meaning Google will be handing upwards of $120,000 in refunds.
James Green is a mobile security researcher who has worked in the Android security field for several years providing privacy and security advice to Android users. Email:James@ArmorforAndroid.com, Twitter:@James_AfA