Google has announced it will refund customers who paid for a bogus security app from its Google Play Android app store.
Those duped by the fake app will also be given $5 (£2.97) credit to spend in the online app store, reports the BBC.
The Virus Shield app was ranked as top selling new paid app in the Google Play Store within a week of its publication in April and reached over 10,000 downloads before it was removed.
The app was exposed as a fake by the Android Police news site after its investigators found that the app’s code contained no security functionality at all.
The app, priced at £2.35, claimed to prevent harmful apps, protect personal information and scan app settings, files and media in real time.
Google removed the app from Google Play after the Android Police site found that all the app did was change its logo from an "X" image to a "check" image and nothing more.
Read more about fake security software
- Twitter spam used to spread rogue security software
- Black Hole kit fuels drive-by attacks, rogue antivirus declines, Sophos finds
- Microsoft's Scott Charney on fighting botnets, rogue antimalware
- Rogue anti-virus software targets Google Groups
- Rogue security software threat will grow in 2010, warns report
Despite updating the app several times, the developer of Virus Shield told the Guardian that the app was a "foolish mistake" and was mistakenly uploaded with the anti-virus code missing.
Google said it would refund anyone who bought the app because Google Play’s policies “strictly prohibit” false claims, which in this case are believed to have netted the developer more than £20,000.
Virus Shield has prompted calls stricter controls of the content made available in the Google Play store such as an automatic review of all content that reaches the top ten seller rankings.
Control over apps
“Unfortunately the wide-open nature of the Play Store means that unscrupulous people can take advantage of it,” the Android Police site observed.
But comments in user forums indicate it would be difficult to find consensus on what types of controls would be sufficient, with many Android users rejecting the tight controls imposed by Apple.
Fake security products scams have emerged as a top money spinner for cyber criminals in recent years but – unlike Virus Shield – most of these bogus security products include malicious code.
In July 2013, IT services firm Symantec found that Google Play was “riddled” with malicious apps, despite efforts to keep it clean.
A test search carried out by Symantec using Google Play search resulted in 21 out of 24 top hits being malicious apps.