First things first. Anything you have been hearing about Reliance Jio's participation in the cryptocurrency race is not confirmed and the company hasn't hinted of such plans in the pipeline. And no, Akash Ambani, chief of strategy at Jio, is not spearheading a cryptocurrency project under which Jio Coin would find a perfect fit.
In light of this clarification, speculations surrounding a Bitcoin-like cryptocurrency by the disruptive telecom operator that rose to fame in a short period of little over a year has garnered nationwide attention. People searching the web for Jio Coin spiked and as a result, fake websites and apps are luring netizens towards spam.
A recent report on the Economic Times revealed that at least 22 such apps with Jio Coin reference are available for download on the Google Play Store. The only problem is that all apps are fake, falsely promising Jio Coins as a reward for completing a certain set of tasks, which vary from sharing content to asking users to install apps or take surveys.
Our independent research revealed 37 Jio Coin-related apps, offering trading and guides on how to trade for a virtual currency that doesn't exist. These apps have been downloaded anywhere between 1,000 to 5,000 times, but Jio Coin apps have been downloaded between 10,000 and 50,000 times. This is quite alarming.
Shomiron Das Gupta, founder of cybersecurity firm NetMonastery warns users to stay clear of such apps as it is possible that some of them could be hiding a new kind of malware, which can harness your device's CPU power to mine real cryptocurrencies in the background with user's consent or knowledge.
The popular apps from the fake Jio Coin pool seek permissions that can put the user in harm's way. According to ET report, some apps seek permission to access contacts, location, photos and other files, view network connections, provide full network access, and prevent the device from sleeping.
Hackers or malicious publishers can leverage these permissions to their personal gain. Google's lenient verification policy for new apps makes it easier for developers to push malicious apps without undergoing proper vetting. This is not the case with Apple's App Store, which undertakes stringent and long verification process before listing the app on iTunes.
But that doesn't mean Google is simply standing by as fake and malicious apps make their way to the Play Store. In 2017, the internet search titan removed more than 700,000 bad apps from its app store, which is 70 percent more than 2016's removals.
"Not only did we remove more bad apps, we were able to identify and action against them earlier," Google Play product manager Andrew Ahn wrote in a blog post on Tuesday. "99 percent of apps with abusive contents were identified and rejected before anyone could install them."