[Update: App pulled from Play Store] More than 10 million people installed scam ‘Updates for Samsung’ app

Although Samsung only offers updates via official channels, over 10 million Samsung owners installed a scam app claiming to offer OEM builds of the latest Android OS. The “Updates for Samsung” app masqueraded as a one-stop shop for OS updates. Instead, it redirected you to an ad farm that would then charge real money to download firmware updates.

A report by CSIS Security Group (via The Next Web) claims that more than 10 million people downloaded and installed the app on their Samsung phones. Despite this severely dodgy practice, the app is still live on the Google Play Store.

[Update 07/08]: The app has now been pulled from the Google Play Store after The Verge contacted Google and confirmed that the app has been “suspended” for violating its Play Store policies.

Just last week, the team behind the app, Updato, told BleepingComputer that it was pulling the app itself to “remove the firmware service portion and non-Google payments.” They remained adamant that their app was still offering “convenience to [their] audience” though.

Considering that over 10 million downloads were amassed since the application was launched six years ago, even if only a small portion were duped into paying for free OTA updates, that would be a sizeable volume of cash. At least, for now, you need not worry if your friends or relatives are being scammed for free OTA updates.

The app is stuffed with ads, but by allowing you to search via the “Download Firmware” section, it’s easy to see why you could be duped. The app developers are not only duping owners, but they are also distributing Samsung firmware without any affiliation with Samsung — no doubt illegally.

An annual subscription of $34.99 gives anyone using the app access to all of the firmware downloads for their device. Of course, all of these updates are available for free through official Samsung channels. The scammers are not using the official Google Play subscriptions protocol. Instead, the app simply asks for your credit card information and sends it to an API endpoint via updato[dot]com over HTTPS.

The app does offer a “free” tier for firmware downloads, but only allows download speeds of 56 Kbps in an attempt to funnel unsuspecting people into the paid tier. Many reviewers have noted that at this speed, the download will time out or fail after a little while.

CSIS’s report also points out that the counterfeit application even offers bogus SIM unlocking for $19.99. Again, payment is made via an external payment method rather than Google Play subscriptions.

While this app doesn’t install any malware on your device, it is still a very shady app developed to help make wallets lighter around the world. It may be worth checking with your friends and relatives to see if they are paying for free firmware updates on their Samsung phones. It’s a devilish scam that many people who want Samsung phone updates have fallen for.

Damien Wilde

Damien is a UK-based video producer for 9to5Google. Find him on Twitter @iamdamienwilde. Email damien@9to5mac.com