Scam: No Samsung phone updates? There's an app for that on Google Play with 10 million users

User reviews suggest you probably should not download the hit “Updates for Samsung” app.

What mobile developer wouldn’t want 10 million users? You could do it by making a product that people really want. Or you could exploit a perceived difficulty, such as getting firmware updates from the world’s biggest smartphone maker.

The problem many Android users face, including those who own Samsung phones, is that after a few years, getting firmware updates is impossible, especially for owners of Samsung’s lower-end phones. Besides firmware updates, the company only provides monthly security updates to its higher-end Galaxy phones. Cheaper phones are abandoned.

The second approach — exploiting the fact that firmware updates are hard to come by — appears to be what has made the app “Updates for Samsung - Android Update Versions” so popular. 

The app has over 10 million downloads, according to the Google Play Store, and a four-star rating. 

But users have slammed the app in recent reviews. 

“This app is a lie. Install if you love getting 70 ads at once, because that's all it does. No, it doesn't let you update. Neither does it let you upgrade. All it does is spam your screen with many ads, EVEN PORN ADS!” reads one.

“It hijacked my phone while in the middle of a call. It wouldn't boot up, had the robot on the screen for 2 solid days downloading something that froze up. After multiple attempts at hard booting by removing battery, it still was locked on that frozen download screen. Sprint store had to factory reset it, and 3 hours later it did it again,” wrote another user.

A researcher from Danish security firm CSIS Group called out the app in a blog post for using mobile ads to earn cash off this inconsistent pipeline of firmware updates from Samsung to end-user devices.

The company notes that most of the content of the app is scraped from a blog called updato[.]com, which contains news about Android help. 

Users of the app can also search it for firmware downloads for their phone among pages that are “stuffed with advertisement frameworks”, and the app offers paid subscriptions for the firmware downloads. And while the app itself is distributed on Google Play, purchases of supposed Samsung firmware are pushed onto the web.

“A user can get an annual subscription for Samsung firmware update downloads for a small fee of $34.99. Interestingly, that doesn’t happen through the official Google Play subscriptions. The app simply asks for your credit card info and sends it to an API endpoint under updato[.]com over HTTPS,” wrote Alex Kuprins of CSIS.

Basically it’s a dodgy app that has attracted millions of users through Google’s official app store because Samsung isn’t providing firmware updates to users itself. 

The scam app meanwhile throttles firmware download speeds so that users need to wait at least four hours to get the update — a tactic that’s designed to get users to pay for the “fast download” premium package. Again, this is a scam, and a phone even on a good network will not complete the download.

Whether or not Samsung or other Android vendors do actually provide firmware updates, the better way to get them is via settings within the device.

“We recommend users to follow Samsung’s designed procedure for downloading firmware updates,” said CSIS.

“That is, by opening the ‘Settings’ application on your Android device and navigating to the ‘About phone’ -> ‘Software Update’ menu. These updates are guaranteed to come directly from the vendor and are free of charge.”