While Huawei’s call to developers to bring their apps to AppGallery has partially worked, this has also filled the store with fake and stolen applications.
Artículo disponible en Español | Article disponible en Français
[Updated 31/10/2019]
Huawei has been inciting developers to bring their applications to the Huawei AppGallery for a while, especially following the US ban and the company being placed on the “entity list”. While this has mostly worked, with dozens of popular applications having recently launched on the store, a surprising number of fake or stolen applications have also surfaced on the store, all published by a few developers.
This is most likely due to an insufficient vetting process on Huawei’s side, as too many applications use the name and even the icon of popular applications to induce users in error. Of course, it is quite easy to tell they are fake, as, from the screenshots, they look nothing like the real ones, and the developer is always some unknown person or company. Sadly, not every user is capable of realizing this, especially seeing the number of downloads and how some of these apps are top ranked on Huawei’s AppGallery.
Fake or misleading applications vary in type, with some using the brand’s logo and name, while others go as far as using the logo, description and even screenshots of the original application, to pass their app as another popular one. Sure, it is possible to report the application through the option given by AppGallery, but the reporting function is too limited and does not allow to include a reason to why this report, as can be seen on the following screenshots:
The most blatant case of a fake application we’ve encountered is “Mario Kart Tour – Car Race”, which, as previously mentioned, uses the name, icon, screenshots and description of a popular, recent game from Nintendo, while offering a completely different game on launch, “Happy Superman Car Transform Racing”. The game is obviously stuffed with advertisements, the goal being making as much money as possible before the user inevitably uninstalls the application upon finding out it’s not the advertised one:
Thankfully, the application is now gone, likely due to the number of users reporting it.
Fake applications-wise, we haven’t seen anything else blatant. But what can be easily found are applications using the logo and name of a popular service, adding something else to the title and maybe even slightly changing the logo to keep the resemblance but still be different enough. For instance, this is the case with “Netflix tips”, “Snapchat tips”, “Mario Kart Tips”, “Free Music – Spotify Alternative” (this one is literally a YouTube music browser), “Messenger” (which uses a similar logo to Facebook’s Messenger and the same name but is an entirely different service) and “Call of Duty Tips”. Many of these “Tips” apps come from the same dev, which is unsurprising. We also see the typical garbage applications coming to the store, such as “CleanMaster” from the famous Chinese developer “Cheetah Mobile”. Here are some examples of these apps in question, from multiple different developers:
We then have a rather surprising but also unsurprising case of what would seem mass abuse. The developer behind the “Mario Kart Tour – Car Race” scam has also submitted around 100 other games to Huawei’s AppGallery, although, searching for those on Google’s Play Store reveals all these applications have been developed by multiple other developers. This opens two possibilities: either this developer, “DI TE SAF”, is a company that facilitates distribution of applications through multiple channels, or the “developer” has downloaded a bunch of APKs of random games and submitted them to Huawei’s AppGallery, which, for some reason, has accepted all of them without further checks. Seeing as “Mario Kart Tips – Car Race” was essentially a scam, we are leaning towards this second option, and considering this as the first major AppGallery abuse so far. Because, if Huawei does not change the way they accept applications and place some kind of measures to stop this from happening, multiple other scummy people will take advantage of the platform and users, ruining it and its reputation before it has the opportunity to strengthen its market position. We’ve reported this case to Huawei, and will wait to hear back from them, before eventually contacting some of the affected developers so they can actually confirm (or deny) being involved with this “developer” and take further action. Seeing how quickly Huawei removed “Mario Kart Tour – Car Race” once reported, there’s some hope that this developer will have his account banned. Here’s the massive list of games published by “DI TE SAF”:
This is indeed the complete list of this specific developer’s applications. We’ve counted between 100 to 130 of them, which is an unrealistic amount of applications for anybody, even medium to large companies, unless they are game publishers.
And here are some of the applications, but on the Google Play Store, which are all listed under different names. We’ve selected easy to find applications, as some of them are too generic:
- “Big Big Baller” from Lion Studios
- “Dunk a lot” from Pixel Box Games
- “Gears logic puzzle”, its real name being “Fix it: Gear Puzzle” from BitMango
- “Perfect Slice”, its real name being “Perfect Slices” from SayGames
- “Subway Rail Blazers Runner”, its real name being “Urban Subway Rail Blazers – Texas Runner” from GEM CREATORS
- “OnPipe Puzzel”, its real name being “OnPipe” from Saygames
- “Gate Rusher”, its real name being “Gate Rusher” and using the icon from “Rush”, the first being from TryMyGames and the icon being from Ketchapp
- “Piffle Puzzle”, its real name being “Piffle” from HIPSTER WHALE
- “City Tornado Amazing City Storm” from HGames-ArtWorks
- “Super Mario Boy – Adventure Jungle”, its real name being “Jungle Boy Adventure Games – New 2019” from Shantoria Young
- “Light it up”, its real name being “Light-It Up” from Crazy Labs by TabTale
- “Merge Plane – Click & Idle Tycoon” from Merger Games
- “LOLO”, its real name being “LOLO: Puzzle Game” from Lemoon Games
- “Granny” from DVloper
- “Draw Here”, its real name being “Draw Here: Logic Puzzles” from Super Game Studios
We have been unable to identify quite a few of the applications, as the “developer” has sometimes not only changed the application name and part of the description, but also used a different icon or different screenshots, likely to try and make it harder to find the original games. Sadly, at this point, there is little to no doubt that whoever submitted all these applications is a scammer. Checking their privacy policy does not reveal much, as it includes no address. But we do learn one thing: the scammer in question thought he was being clever by putting his privacy policy on a different site, “qoqo.fun”, which he also owns (being a WordPress website). Sadly, he has taken the necessary precautions when registering the domain, as we are unable to see the registrant name on WHOIS.
Things don’t improve with the following developer. From the looks of it, this person also applies some of the techniques from the first one, such as using different icons or screenshots to try and make it harder to figure out the application is not his:
A quick look at some of the games on the Google Play Store return the following results:
- “Granny: Chapter Two” from DVloper
- “Last Day on Earth: Survival” from Kefir!, screenshots coming from “Survival Island: EVO PRO – Survivor building home”, a paying game from PRIDEGAMESSTUDIO OU PLC
- “Swat Battleground force: Free Fire Battle Royale” from STJ Games, not available on the Google Play Store anymore, but still findable on APK Pure for example
- “Bullet Force” from Blayze Games L.L.C., but using screenshots from “Real Shooting Gun Strike” from Laxass Games (this game also seems to use multiple stolen screenshots?) and “World War Survival: FPS Shooting Game” from The Game Feast
- “Impossible Terrorist Mission 2” from STJ Games, not available on the Google Play Store anymore, but findable elsewhere, but using screenshots from “Battleground Survival Free FPS Shooting Game 2019” (Cops Battleground) from Yes Games 2019
- “Battleground Warface”, the icon coming from “SHADOWGUN LEGENDS – FPS PvP and Coop Shooting Game” from MADFINGER Games, the first screenshot being from “Anti-Terrorism Commando Mission 2019” from 360 Gaming Studio, the second screenshot being from “Infinity Ops: Online FPS” from Azur Interactive Games Limited and the third screenshot being from “Country War: Battleground Survival Shooting Games” from XSQUADS Free Shooting Games – FPS. It is unclear what game is being shipped here, and we will not be downloading it to find out.
- “Modern Strike: PRO FPS”, its real name being “Anti-Terrorism Commando Mission 2019” from 360 Gaming Studio
- “Jail Break: Prison Escape Game” from Orange Games Studio LLC
- “Infinity Ops: FPS”, icon being from “Country War: Battleground Survival Shooting Games” from XSQUADS Free Shooting Games – FPS and the game itself supposedly being “Infinity Ops: Online FPS” from Azur Interactive Games Limited
- “Truck Driver Cargo” from GameDivision
- “Dr. Parker: Real car parking simulation” from Yeditepe
- “Taxi: Simulator 1984 v2”, a paying game from StrongUnion Games
- “Operation Third-Person Shooter War Game 3D”, a paying game from Rigbak
- “Last Day of World War Hero” from Virtual Sim Games
Yes, initially we only intended to check a few of them, but ended up figuring out all of them. And because we know our evidence will eventually disappear, here’s a screenshot of every single one of the games of this dev. For us, there’s no doubt this person has just stolen a bunch of games from a website such as APK Pure and submitted them to Huawei’s AppGallery. In many cases, we don’t even know which game we are getting, although it’s likely it’ll be some random one and maybe not even the advertised one. The fact some of these applications used to be on Google’s Play Store (those from STJ Games) but have since been removed is even weirder, although it wouldn’t be unsurprising if this was due to STJ Games breaking Google’s rules in some way.
For the developer in question, we have no doubt it is another scammer, especially after checking out the Privacy Policy of “OSIC TECHNOLOGY CO., LTD.”, who literally posted this one on a free Blogger page with a mistake in the title, saying “privcy policy”. Furthermore, this Privacy Policy does not include any kind of address or way of contacting the “developer”.
Just by seeing how easily we’ve found all this information, Huawei could easily implement some basic measures to stop such blatant abuse from a few developers:
- If the developer has already published the application on another store, such as Apple’s App Store or Google’s Play Store, the developer should link to this to double-check if that’s the case (only viewable to Huawei employees).
- Huawei should run the screenshots, app name and icon through Google’s image search or a similar option, such as TinEye, to see if the images/name correspond to some other game or not.
- Developers should be forced to post their Privacy Policy on a registered website with a proper domain, and not be allowed to use free options such as Blogger or literally a Google Docs document. Yes, we’ve seen a few doing this.
- Furthermore, developers should be forced to include an address, company name and registration number, as well as a contact e-mail, in their privacy policy.
Concerning Google Docs. Here are two developers using Google Docs to post their Privacy Policy, a genius move, as this allows them to save money on a domain name and website. Of course, these developers only list a Gmail address to contact them, but no address, no proper company name or country of registration, nothing. Even worse, none of the developers mentioned in this article seem to have a proper website or even actually exist. While a Google search of their names does return some results, none of those results is concluding enough. The first one using Google Docs for his privacy policy is “Mena Limited”:
The second one is “iMate Games”:
Regardless, while it is sad to see how AppGallery is being filled with stolen and low-quality applications, at least the store has also been getting quite a lot of popular apps, as we’ve seen in our past article on the matter. We hope Huawei will soon address these issues and eventually ban the few developers mentioned here, while also putting in place a stricter vetting process overall.
Update 31/10/2019: We’ve received a response to our e-mail. Huawei’s customer service has indicated they’ve forwarded this information to the relevant service to review and investigate the situation. We’ll keep an eye on how things go.
More on this subject: