A scammy-seeming Android app promises an easy way to get firmware and security updates for your Samsung phone, but in reality the app takes you to ad-filled pages and charges you for free software, according to a security researcher.
Called Updates for Samsung, the app has more than 10 million downloads and is still in the Google Play store as of today (July 5). Aleksejs Kuprins, who works for the CSIS Security Group in Denmark, detailed the app's apparent sleazy dealings in a blog post yesterday (July 4).
"Besides being stuffed with advertisement frameworks and not being affiliated with Samsung (yet distributing their firmware), the app offers paid subscriptions for the downloads of the said firmware," Kuprins wrote. "A user can get an annual subscription for Samsung firmware update downloads for a small fee of $34.99."
We've reached out to Updato/eVeek, the company behind Updates for Samsung, for comment. We also tried loading the app on our own Android phone, but our Android antivirus app warned us not to, as the app was a known adware repository.
Needless to say, don't install Updates for Samsung until this matter is cleared up. If you've already got it on your phone, you might want to uninstall it for the moment. If you've paid any money to the company behind the app, make sure your credit-card statements are in order; if anything is amiss, contact the card issuer immediately.
Despite having a 4.0/5 rating in Google Play, there are plenty of complaints about Updates for Samsung.
"This is garbage. it's just news and ads. it doesn't help update anything," wrote one user.
"I would not recommend downloading this app because I tried downloading a firmware and it says 'download unsuccessful'. Plus the ads on this app keeps popping up out of nowhere and it's kind of annoying," wrote another.
"BUGGY, BUGGY & EVEN MORE BUGS! LOCKS UP HARD ON A SAMSUNG GALAXY S10 Plus. Not JUST App lockups & freezes. ENTIRE PHONE FREEZES REQUIRING RESTART!!!! BOO / HISS" said our favorite comment.
In his blog posting, Kuprins noted that while Updates for Samsung does provide both free and paid firmware updates for Samsung phones, it throttles the download of any free update to 56kbps, the speed of a dial-up modem. Most users will cancel such downloads out of frustration.
He also pointed out that the credit-card payments go directly to the Updato website, instead of through Google Play as Google normally requires.
Kuprins told ZDNet that he had told Google about the app and requested its removal from the Play Store. He also urged readers not to blame Samsung users for falling for the apparent scam.
"It would be wrong to judge people for mistakenly going to the official application store for the firmware updates after buying a new Android device," he wrote in his blog posting. "Vendors frequently bundle their Android OS builds with an intimidating number of software and it can easily get confusing."
To be fair, the fine print on the Updates for Samsung page in the Google Play store notes that it "Contains Ads" and "Offers in-app purchases." There's also a disclaimer that "Updato is not affiliated in any way, shape, or form with Google Inc. or Samsung Electronics Co. Ltd."
How to Install Updates on Your Samsung Phone
Samsung routinely pushes out firmware updates and notifies the user that the updates are available for installation. But you can also check for and install updates manually, just as you can for almost any Android phone.
-- Find the Settings app among your listed apps and open it.
-- Scroll through Settings and click on Software Update. (In many non-Samsung phones, Software Update is found in About Phone.)
-- Click on Check for system updates or Download and install
-- Click OK.
If there's a system update available, the phone will prompt you to download and install the update.
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.