Threat Research

Knock-off FIFA apps on Google Play

Jan Piskáček, Nov 30, 2016 3:00:38 PM

Avast Threat Lab found four fake FIFA football apps on the Google Play Store - just in time for the Copa America 2016 soccer tournament.

Fake football apps appear on the Google Play Store in time for Copa America and Euro Cup.

Copa America Centenario and Euro Cup start this Friday and next Friday respectively, and everyone across the Americas and Europe are in the football/soccer spirit.

I found four soccer/football apps on the Google Play Store, all with the same or similar names, that are pretty bad knock-offs of the popular FIFA app. All four apps have negative reviews claiming the apps do practically nothing but display ads. Clearly, the person or people behind these apps only intention is to make money and not to deliver quality apps.

I dug a little deeper and despite the fact that these four apps were uploaded under different developer names, they seem to be developed by one developer. All four apps have the same dex files and manifests. Each developer name has only uploaded one app and there are no links to any developer homepages.

Ad heavy soccer apps on Google Play

I decided to test each app to see if the negative reviews regarding the ads were true and unfortunately, they are.

Giving Airpush Inc. more information than the games are worth

All four of the apps request agreement to Airpush, Inc.’s (advertising network) privacy policy & advertising terms when opening the apps for the first time. Accepting these terms means that Airpush can automatically collect certain data from your device, including

  • Device ID
  • IP address
  • List of apps installed on your device

Furthermore, Airpush can receive information via the permissions you granted the app, including

  • Precise geolocation
  • Browser history
  • Email address
Additionally, when you click “Ok” to these terms you give your consent for Airpush to associate the Google advertiser ID from your device with other information it collects about your device, including persistent device identifiers and/or personally identifiable information.

Airpush Inc. Terms and Conditions

You’re probably thinking “Just click ‘Cancel’ to avoid giving away your personal information to Airpush, but more importantly, to avoid the annoying ads!”. I hate to disappoint, but even if you click “Cancel” a Sky entertainment ad appears as soon as you start a game.

Football 2015

The first app I tested was “Football 2015” and was the app that showed the least number of ads out of the four. The quality of the game is also the worst out of all the apps. The players look like Ikea’s GESTALTA artist figure, making it impossible to figure out which player belongs to which team. Immediately after starting a game, the app showed an ad, but this was the only one I encountered while playing. While playing though, the field became very dark and all I could see was the score, the ball and the controls.

 These players look like figurines at IKEA

Dark buggy game

Soccer 2016

The quality of the game got better in “Soccer 2016”, at least the players looked like actual people and had team jerseys on. What did not improve with this game was the number of ads…

The app opened and greeted me with the first ad. When I tried to get around the ad to start a game, a pop-up appeared telling me the page wanted to open a new play store window. I decided to decline.

Soccer 2016 game

After this, I was able to start a game – at least so I thought. Blocking my view of the stadium was, surprise, surprise, an ad!

When I tried getting around this ad, I was asked if I wanted to complete my action using my browser. Then I was brought to page with a Sky Entertainment offer.

Despite all of these frustrating ads, I went back to the app to play. That is when, in my opinion, the most impressive ad appeared. A dark space blocking my view of the game!

Dark ad blocking the game in Soccer 2016

The other Soccer 2016

The next “Soccer 2016” app started out a lot worse than the first “Soccer 2016” app, in terms of ads (the quality of the games are identical). I clicked on “single player” to start a game and faster than I could take screenshots a bunch of different ads loaded and I ended up on a page promoting Google apps.

Google_ad_soccer_2016_edit.png

Google_ad_Soccer_2016_2_1-1.png

At some point while playing I also got a full screen Amazon ad.

Finally, when the game was over, a pop-up appeared telling me the page wanted to open a new play store window. This lead to the “Mobile Strike” app page opening in the Play Store.

The 2nd Soccer 2016 game

Adware in Soccer 2016 II

Football 2016 – 2015

The fourth and final app I tested was “Football 2016 – 2025”. When I started a game a pop-up appeared, like in the other apps, that directed me to a Play Store app page. When I re-opened the app to continue playing, some very interesting pop-ups appeared.

Supposed viruses detected in buggy football game

The first pop-up claimed that 13 viruses were detected on phone.

The next pop-up went as far as claiming that if I do not resolve this within a few minutes, the virus will damage my SIM card. Then steps on how to install 360 Security appeared with a “Remove virus” call to action button.

Ad promoting 360 security

After clicking on “Remove virus” another pop-up appeared telling me that I will be directed to the Google Play Store for antivirus installation and asked me to “please launch the antivirus application and remove all viruses”. I clicked “Ok” and another pop-up appeared asking me to confirm that I wanted to navigate from the page and then yet another pop-up appeared asking me to allow the page to open a new Play Store window.

Football 2016-2015 directing user to Google Play

Football 2016-2015 directing user to Google Play

Football 2016-2015 directing user to Google Play

I was a bit surprised when the Play Store window opened. Although the previous pop-up ads told me 13 viruses had been detected on my phone and that I needed to install 360 Security, the app page I was directed to was a cleaner app.

DU Cleaner

This is a classic social engineering trick. Social engineering is often used to trick people into downloading malware. In this case, affiliates used social engineering to try and convince me that if I did not download the app they were advertising, my phone’s SIM card would suffer. However, they didn’t do the best job since the app they directed me to had nothing to do with viruses that were allegedly detected on my phone. We have contacted 360 Security, as they may not be fond of, nor aware that affiliates are using this method to promote their app. Also, we reported the app to Google.

Always stick to trusted apps

Someone is clearly trying to make money by showing soccer/football enthusiasts a nearly uncomfortable number of ads. These apps may be smaller in size than the FIFA app, but I can definitely recommend downloading the FIFA app over these apps if you want to enjoy playing a nice game of soccer/football.

Avast Mobile Security detects these apps

These apps are not malicious per se, but the aggressive ads are certainly not pleasant. Avast Mobile Security, therefore, detects these apps as adware.