Another blemish on the reputation of the Google Play Store – a fake Infinity Blade 2 app went live on the Play store on July 28, and accrued more than 1000 downloads before being taken down.
The fake application, a 2.2 MB APK, prompted users to earn 50 points on Tapjoy (paid ad clicks) in order to unlock the full game download. Some users reported that the download never became available, while others said that the 1.03GB file was just “junk”.
The app was published by “2011 Chair Entertainment Group LLC” (the developer of the real iOS game is Chair Entertainment Group, LLC) and used the official branding and copy of the iOS game. It is unclear what the purpose of the impostors was. The fake app was free, unlike the real deal, which costs $6.99 on iOS. Spreading malware might be one reason behind the scheme, but there are no reports so far about infections with trojans or other malware. Most likely, the shady devs behind the app wanted to make some quick cash, by exploiting naïve users and an app monetization network that doesn’t have a strict partner vetting policy in place.
Infinity Blade 2 is a hit title on iOS and likely to remain exclusive for the iPhone and iPad. As a PSA, if you see a major title available out of the blue on the Play Store, do a quick scan for red flags, such as low download numbers, pricing inconsistencies, and bad user reviews. As always, stay away from third-party app markets, as the “bargains” that you can get there often come with nasty pieces of malware attached.
This latest incident fuels the controversy about the lax vetting policies of the Play Store. Any developer can publish applications on the Store with minimal approval requirements, which makes the system vulnerable to exploitation by unsavory characters. Google has to improve reaction times in these cases (the fake Infinity Blade app was taken down after three days), and more importantly, to impose a stricter screening system for new apps. I don’t want the kind of draconian, sometimes even arbitrary approval process that iOS developers know too well. And I realize that it’s difficult, from a technical and logistic point of view, to manually vet every app, but, a human could (or should be able to) identify egregious fakes like this “Infinity Blade for Android” in a matter of seconds.
Do you agree that Google needs to step up its game here?