Fake Google apps found in the Windows Phone app store

Windows PhoneAlthough Google has released official versions of its smartphone apps for the iOS and (obviously) Android platform, Microsoft’s Windows Phone has been largely ignored.

The truth is that Windows Phone has a pretty pitiful marketshare compared to its big Google and Apple competitors, and so there’s not really any good reason why Google feels it should give Microsoft a helping hand in making its platform more attractive by releasing its apps.

It’s a real problem for Microsoft and the Windows Phone. Developers won’t create apps for the platform until they are confident that there is a decent sized market for them. But more people won’t buy a Windows Phone until there are a decent number of quality apps.

For app developers like Google, who have a healthy interest in promoting a rival platform (and putting down a potential competitor), the decision seems pretty clear cut at the moment. And that’s why they’ve only released their Google Search app for the Windows Phone operating system.

Sign up to our free newsletter.
Security news, advice, and tips.

With that in mind, eyebrows must have been raised when versions of Google Hangouts, Google Maps, Gmail, Google Plus, and other seemingly official apps from Google, appeared in the Windows Phone store at a cost of $1.99 each.

Fake smartphone apps

At first glance, Windows Phone owners might think that these apps were the real thing. But in reality they’re fake.

The apps, which were discovered by WinBeta, noted that the real legitimate official (and free) version of Google Search in the Windows Phone store lists its developer name as

Google Inc

whereas the fake Google apps (which ask for payment) say their developer is

Google, Inc

Clearly the intention here is to trick Windows Phone users into believing they are purchasing a genuine app from Google, and put money into the pockets of fraudsters.

Thankfully, the media attention resulted in Microsoft withdrawing the apps from the Windows Phone marketplace. But questions have to be asked as to why Microsoft wasn’t able to spot the suspicious apps appearing in its app store ecosystem in the first place, especially when they claimed to come from a company as big as Google.

Was a simple comma inserted into the developer’s name enough to dupe Microsoft?

Microsoft gave a statement to The Next Web, pushing the responsibility of policing the app store clearly onto the community and the developers themselves:

Microsoft takes the intellectual property our ecosystem seriously and we use several layers of deterrence and response to help protect it. First, we encourage developers to take advantage of obfuscation tools for an added layer of protection. Because the Windows Phone Store is the only authorized source of public apps and games for the Windows Phone, developers can more easily police infringement of their apps by monitoring the Windows Phone Store and notifying Microsoft if infringement occurs.

Microsoft provides online tools and an email alias ([email protected]) to enable developers to quickly report infringement of any apps they locate on the Windows Phone Store for immediate review and, when appropriate, removal. In cases where the infringement is disputed, we permit alleged infringers to dispute infringement via counter notices. Finally, Windows Phone educates every developer from the very start – before apps are even submitted – reminding them in our developer agreements and policies that Microsoft does not permit infringement of intellectual property of others.

Hmm.

In short, Microsoft says it’s not going to proactively police the Windows Phone store. Tough luck Windows Phone users if you pay for dodgy apps that pretend to be from a legitimate developer.

Android is sometimes called “the new Windows” because of it’s dominant marketshare, availability on multiple devices from a wide variety of manufacturers, and – alas – the large amount of malware written for the platform.

Let’s hope that Microsoft gets more serious about stopping Windows Phone becoming the new Android, from the poorly-vetted apps point of view at least.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.