PSA: Fake YouTube Vanced app listed on Play Store
Official app support for third party services often play a key role behind the success of the platform as well as the service. We all know the tragic demise of Windows Mobile due to lack of third party apps.
On the other hand, sometimes you may want to get rid of all the extra ‘features’ from an official app. For example, bundling Facebook with a phone and running the humongous memory hogging app may irritate an individual so much that they end up with certain things “de-bullshified”.
The regular YouTube app is not that miserable though. It also offers a ‘Go’ variant for users with less bandwidth and entry level phone. Obviously there are some caveats, such as background playback or picture-in-picture (PiP) mode are reserved for the premium tier.
Oh, and you need to deal with ads… I mean A LOT OF ADS! ?
Vanced is a well known modded version of YouTube with many features such as adblocking and background playback and many more.
The idea behind creating Vanced is quite simple: original YouTube apps share a large volume of common codebase. Thus, patching the condition checks and porting premium features seem feasible. The group of developers have done exactly that.
Problem is the modded version can’t be distributed via Play Store as it violates number of policies imposed by Google. As a consequence, developers offer both root and non-root based solutions via the XDA thread or their official site for sideloading.
Because of the popularity of this mod, copycats are always popping up like mushrooms after rain. We are now aware of another such incident. A random person has uploaded the non-root version of YouTube Vanced (package name: com.vanced.android.youtube) to Play Store and it is still up at the time of reporting.
Identifying the copycat doesn’t require much time. The developer ID is already taken down by Google. While no website is mentioned, the contact email domain reveals the identity of the person easily. And yes, it is the exact person who has left the sole five star rating.
Experienced eyes should be able to spot the anomalies, but unfortunately, that does not account for majority of users. To make things worse, users who have installed the non-root version are now automatically redirected to this listing if they check for updates via Play Store.
Play Store primarily scans the package name for querying. For the same reason, APKMirror is also compromised. Their bot crawls Play Store listings and adds the copycat in the description of the mod.
The author was informed by a friend about the incident last night. After verifying it ourselves, we contacted YouTube Vanced team. The response from the representative is as follows:
Yes, unfortunately nothing we can do about it. Pisses me off though.
We are trying to contact APKMirror/Android Police guys to rectify the issue on their end. Eventually Google may remove it, but the attack vector should not be ignored.
For our readers who use YouTube Vanced, never install/update it outside of the official site ot XDA thread.
PiunikaWeb is a unique initiative that mainly focuses on investigative journalism. This means we do a lot of hard work to come up with news stories that are either ‘exclusive,’ ‘breaking,’ or ‘curated’ in nature. Perhaps that’s the reason our work has been picked by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and more. Do take a tour of our website to get a feel of our work. And if you like what we do, stay connected with us on Twitter (@PiunikaWeb) and other social media channels to receive timely updates on stories we publish.