This is a big warning for the users of Google Play Console (Android Developers). Somebody wants to scam us and literally steal our apps. Read more for detailed info.
This morning I got an email from "Google" with the following content (shown in the image below), and I was pretty upset for the first 5-10 minutes, because I know that I do deep research on Google policies before doing anything, since I was randomly struck 3 years ago and had my app L Speed taken down from the Play Store.
The message says:
Hello developer
We've carefully reviewed your apps, and discovered the following
Your apps contain content that does not comply with the advertising policy
We don't allow apps that contain deceptive or disruptive ads
We will do our part to delete all your apps due to repeated violations
If you believe this was the result of an unintended error, please respond to us as soon as possible before taking action against your apps
Looking forward to your response
At first, this looks pretty legit, but the first thing I noticed is that they didn't mention my name. Google usually mentions your developer account when they have some warning or information for you.
The second thing I noticed is the email address. Just take a look at the e-mail suffix. I'll post the minor info about the e-mail I received.
from: Support <google @ account-developer.com>
to: Danijel Markov <*****>
date: Apr 15, 2022, 10:28 AM
subject: Re: Support
mailed-by: account-developer.com
signed-by: account-developer-com.20210112.gappssmtp.com
security: Standard encryption (TLS)
Important according to Google magic.
I also checked the domain from which the email was sent, and that was quite interesting too.
Registrar Info
Name: NameSilo, LLC
Whois Server: whois.namesilo.com
Referral URL: https://www.namesilo.com/
Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited

Important Dates
Expires On: 2023-04-12
Registered On: 2022-04-12
Updated On: 2022-04-13

Name Servers
NS1.DNSOWL.COM 162.159.27.173
NS2.DNSOWL.COM 162.159.27.130
NS3.DNSOWL.COM 162.159.26.234

Registrant Contact Information:
Name: Domain Administrator
Organization: See PrivacyGuardian.org
Address: 1928 E. Highland Ave. Ste F104 PMB# 255
City: Phoenix
State / Province: AZ
Postal Code: 85016
Country: US
Phone: +1.3478717726
Email:

Administrative Contact Information:
Name: Domain Administrator
Organization: See PrivacyGuardian.org
Address: 1928 E. Highland Ave. Ste F104 PMB# 255
City: Phoenix
State / Province: AZ
Postal Code: 85016
Country: US
Phone: +1.3478717726
Email:

Technical Contact Information:
Name: Domain Administrator
Organization: See PrivacyGuardian.org
Address: 1928 E. Highland Ave. Ste F104 PMB# 255
City: Phoenix
State / Province: AZ
Postal Code: 85016
Country: US
Phone: +1.3478717726
Email:

Information Updated: 2022-04-15 08:21:07
Before hitting the SPAM button, I decided to reply to them and see what their next move would be, and I wasn't surprised at all. Right after I replied to them, they replied back in less than 3 minutes, which is not the case with Google. Google usually needs 24h or more in order to reply to you. Here is the second email from them.
The message says:
Hi developer
Note that Google Play Developer account terminations are associated with developers, and may span multiple account registrations and related Google services. Do not attempt to register a new developer account. Any new accounts will be closed and your developer registration fee will not be refunded
For the time being please reply to us with the following information in order to verify your ownership of the apps before starting to solve the problem
Developer Name
the package names for your apps
Phone Number
Looking forward to your response
Again, "Hi developer" instead of the full developer name, some "legit" message, and at the end something which clearly says this is a SCAM.
- Developer name - Google would never ask for it, since the email refers to it
- Package names - Huh, what? Google doesn't have info about my apps' package names?
- Phone Number - Just imagine Google asking you for your phone number; what, would they call me?
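The warning signs listed so far (a sender domain that is not Google's, a domain registered three days before the email, the generic greeting, and the request for account details) can be turned into a small triage check. This is an added example, not part of the original post; the trusted-domain list, the 30-day threshold, the function names and the benign comparison message are assumptions.

```python
import re
from datetime import date
from email.utils import parseaddr

# Assumptions (not from the post): which sender domains the recipient trusts,
# and how many days count as "recently registered".
TRUSTED_DOMAINS = {"google.com"}
BRAND = "google"
MAX_NEW_DOMAIN_DAYS = 30

def split_sender(from_header):
    """Return (local part, domain) of a From header, tolerating 'user @ host'."""
    _, addr = parseaddr(re.sub(r"\s*@\s*", "@", from_header))
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()

def phishing_indicators(from_header, body, received, registered):
    """List the warning signs from the post that apply to one message."""
    findings = []
    local, domain = split_sender(from_header)
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    if not trusted:
        findings.append("untrusted-sender-domain")
        if BRAND in local or BRAND in domain:
            findings.append("brand-name-on-foreign-domain")
        # Domain age only matters for senders we do not already trust.
        if 0 <= (received - registered).days <= MAX_NEW_DOMAIN_DAYS:
            findings.append("newly-registered-domain")
    if re.search(r"^\s*(hello|hi|dear)\s+developer\b", body, re.I | re.M):
        findings.append("generic-greeting")
    if re.search(r"phone number|package names", body, re.I):
        findings.append("asks-for-account-details")
    return findings

# Header and body text copied from the post; dates from its header and WHOIS output.
SCAM_FROM = "Support <google @ account-developer.com>"
SCAM_BODY = "Hi developer\nDeveloper Name\nthe package names for your apps\nPhone Number"
# Constructed benign message for comparison.
OK_FROM = "Constructed Sender <noreply@mail.google.com>"
OK_BODY = "Hello Danijel,\nYour update has been published."

if __name__ == "__main__":
    print(phishing_indicators(SCAM_FROM, SCAM_BODY, date(2022, 4, 15), date(2022, 4, 12)))
    print(phishing_indicators(OK_FROM, OK_BODY, date(2022, 4, 15), date(2000, 1, 1)))
```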
Here are some references from support.google.com
What is phishing?
Phishing is an attempt to steal personal information or break in to online accounts using deceptive emails, messages, ads, or sites that look similar to sites you already use. For example, a phishing email might look like it's from your bank and request private information about your bank account.
Phishing messages or content may:
- Ask for your personal or financial information.
- Ask you to click links or download software.
- Impersonate a reputable organization, like your bank, a social media site you use, or your workplace.
- Impersonate someone you know, like a family member, friend, or coworker.
- Look exactly like a message from an organization or person you trust.
Read more on: Avoid and report phishing emails
This is my story and I hope this blog post will spread so other developers won't be caught in traps like this. Sending any of your personal information to scammers won't just impact the account it's meant for; all your accounts are usually connected to the same email and phone number, and may also share the same passwords.
Not so long ago, my phone number was leaked somewhere. I had several unsuccessful attempts to log in to my Telegram account, and in the end, they did it. I got a login activity from Germany, where they somehow bypassed the two-factor authentication, changed my name and profile picture, and sent 10+ messages about crypto.
People surely reported it and my account was limited; it's now actually the second week of me trying to contact Telegram support and get released from that limitation, since my Telegram account is very important to me and my job.
Seems like it won't happen, but this won't stop me from trying. Also, if you have any idea how I can contact them and remove that limitation, since it's not my fault at all, let me know in the comments.
Be safe and aware.