Fake Nami app in Google Play

There seems to be a fake Android Nami app in Google Play Store:

And it seems to be quite successful, since https://github.com/Berry-Pool/nami-wallet/issues/374 and https://github.com/Berry-Pool/nami-wallet/issues/370 lost their funds going to the same target address. :frowning:

I still don’t have a definitive answer how we can teach people to distinguish fakes and scams from legitimate wallet apps. If I try to verbalise it, I’m not even sure how I myself do it exactly. How do I know that I deem adalite.io, ccvault.io and namiwallet.io and apps linked directly from there legitimate, but others not?


Reported, but still there. Google cashes in on scams, again.


Also reported it and, yes, they could be a bit faster. Probably, it would help if the Nami people would claim trademark violation in addition, but they are quite unresponsive since the SundaeSwap incident drowned them in users.

But I don’t see how Google cashes in on a free app.

And automatic take-downs after X reports also get exploited in the other direction all the time for any amount of X.

In my time one needed a developer account to upload such apps, which cost a USD 25 one-time fee, but they may have changed their business model since back then.
Of course I do not mean that Google gets cashback from frauds, at least not directly.
Cheers


Yes, it’s still the case. I doubt that they refund it when the app is taken down for fraud, though. They “just” need to be much quicker with that.

But since they will never be quick enough, we probably still have to do more to give new users enough security advice … or just live with the frauds and scams and hacks.


A placeholder in the app store?

So that new users see, wait, there cannot be more than one, is there possibly a problem?

Edit:
Some dummy app which says after installation, and in the description already, there is no mobile Nami/Daedalus, go for this and that.

Should they decide to make a mobile version later, this can be replaced.

Yes, could be done.

Puts kind of a burden on tool developers to do that for platforms that they specifically do not want to target right now. And it’s easy to miss the point where it becomes necessary on the way from a barely usable “Just trying out what is possible.” prototype to something used by a lot of people.

Is it only necessary for Google Play/Android? Or also for F-Droid, iOS, the extension stores of all the browsers, …?

Yet another reason to use hardware wallets. Also, if you invest in any kind of cryptocurrency and expect serious investors to do the same, I don’t think these people would be willing to use a software wallet.


Lost 7 assets meld, pavia tokens 7 other assets 8k

I reported it to the Berry telegrams 4 days ago.
I lost them Saturday at 4pm

Reported but still there… hopefully they’ll take it down asap

What?!? Still there after three weeks?

ASAP is pretty non-soon with Google. …


Isn’t it a shame that you can’t validate the apps you download?

Neither a digital signature nor a checksum can be obtained, at least not on an iPhone. What we have is a single point of failure.

You have to be very careful, don’t just go for the first ad you find. You need to visit the Cardano homepage and follow links from there. This applies to all cryptocurrencies, so if you have Sol you go to the Solana homepage and do the same.

What should that help? The scammers could provide a signature and a checksum easily. They could even found a “Nami, Inc.” for it in some state of the world, where that is easy and fast.

For the information that this is not the real Nami, people still would have to cross-check the real source. But they can already do that today and don’t do it.

There are problems, a lot of problems that do not get solved by throwing cryptography at them. In the whole space of cryptocurrencies, lots and lots of crimes and frauds happen cryptographically signed on immutable blockchains.

I mean something calculated like an md5 checksum. For some software, there is a published checksum that you can use. You can check that the executable has been signed.

And, of course, if people don’t pay attention at all, then there’s nothing that helps.

Please report it: https://play.google.com/store/apps/details?id=com.oinami.nawal