Russian Email App Automatically Installed on Samsung Phone Due to Google Play Bug
Overnight, many owners of Samsung phones noticed that there was a new app pushed and delivered to their devices without requiring any action from them. The app in question is a Russian email application called МТС Мобильная Почта (MTS Mobile Mail). Curiously, though other developers have taken a look at the MTS Mobile Mail app and have deemed the app harmless and not malware, users are still having a hard time removing or uninstalling the app. And what’s even more curious is that the app was pushed through Google’s official app store for Android known as Google Play–formerly Android Market.
So how did all this happen? The way apps are processed on Android is that they’re given a unique name. Samsung’s official email app, for example, is given the name of com.seven.Z7. For whatever reason, developers of the Russian-made МТС Мобильная Почта (MTS Mobile Mail) also issued the same name to their app. Essentially, when Google Play scanned Samsung devices to push out new app updates, the store was tricked into recognizing that there is a newer app available for the Samsung email app and pushed out the MTS Mobile Mail app instead. Additionally, it is also discovered that the signing certificate for the apps must be identical for Google Play to be tricked so it looks like the Russian developers not only named their app similarly to the official Samsung email app, but used a similar or the same certificate to sign the app.
According to The Verge, the likely explanation behind all this is that former email provider Seven is now creating a white-label email app and service for others to brand. This essentially means that Samsung and the developers behind the MTS Mobile Mail app used the same Seven white label service and there is likely confusion there as to the naming of the apps. This could also explain why the certificate for signing the app is the same.
This incident shows that there can be confusion with similarly named apps in the store and could open the doors for malicious apps to be pushed out to devices disguise as updates to official applications.
Via: The Verge