Google took three months to remove scam app that stole over $5M

Original Article ↗ Hacker News Discussion ↗

Overview of the Scam Case

  • Discussion centers on a fake crypto trading app on Google Play that allegedly stole over $5M from users.
  • The app is described as a “pig butchering” scam: users send real crypto to scammer wallets while seeing fake balances and profits in the app UI.
  • At least one victim used it for 5–6 months before discovering she could not withdraw; at least five others reportedly had similar experiences.
  • The Consumer Financial Protection Bureau (CFPB) allegedly pushed Google for about three months before the app was removed.

Responsibility of Google and App Stores

  • One side argues Google is grossly negligent:
    • Positions itself as vetting apps and promoting “Play Protect.”
    • Ignored or delayed action even after government warnings.
  • Others say Google should remove scams quickly but not reimburse losses; liability should rest with scammers and perhaps regulators.
  • Some note Android is less of a “true walled garden” than iOS, complicating expectations.

User Responsibility and Victim-Blaming

  • Many commenters criticize the victim’s choices (using an unverified crypto app, sending millions without independent checks).
  • Counterpoint: tech and scams are complex; app store presence and “verified” branding reasonably create a sense of safety, especially when platforms advertise that as a benefit.
  • Debate over what “due diligence” for a multi‑million transfer should look like and how realistic it is for ordinary users.

Walled Gardens, Fees, and Monopoly Arguments

  • App stores’ 30% cut is framed as justified by safety and vetting; critics say this implies responsibility when scams slip through.
  • Others argue high fees are really about monopoly power, not consumer protection, and shouldn’t automatically imply financial guarantees.

Crypto and Scam Risk

  • Several see crypto itself as scam‑prone or inherently speculative; others push back, distinguishing legitimate non‑custodial tools from fraudulent platforms.
  • Some argue closeness to “random crypto apps” should increase, not decrease, a user’s skepticism.

Google’s Incentives and Enforcement Quality

  • Perception that Google is lax on high‑revenue or scammy apps while being harsh on small, harmless developers.
  • Claims that Google’s anti‑abuse and review systems favor scale and profit over safety; suspicion (not evidenced) of possible corruption.
  • Broader frustration that many Google products (Search, Gmail spam filtering, Play review) are perceived as declining in quality.

Regulation, Law Enforcement, and Jurisdiction

  • Some argue law enforcement, not platforms, should be the primary scam deterrent, but acknowledge cross‑border cybercrime is hard to police.
  • Proposals include:
    • Stronger powers for agencies (e.g., FTC/CFPB) to order rapid takedowns.
    • Stricter onboarding for financial apps and for developers in high‑risk countries.
    • Better separation between handling the fraud itself and punishing Google for slow response.
  • Concerns raised that over‑empowered regulators in media/online spaces could threaten free speech if misused.

Dark Patterns and Non‑Illegal “Scammy” Apps

  • Beyond clear fraud, commenters highlight predatory but technically legal practices (e.g., forced-trial apps with exorbitant weekly fees).
  • View that app stores benefit financially from these patterns and have little incentive to clean them up.