Dodgy Apps in Google Play

Security researchers have discovered 36 fake and malicious apps for Android that can harvest your data and track your location, masquerading as security tools in the trusted Google Play Store.

Hidden

The 36 malicious apps were, on the surface, the kind of security apps that (Android) smartphone users commonly download to protect their device and data from cyber attacks and hackers. Ironically, the apps, which had reassuring names such as Security Defender and Security Keeper and which performed some legitimate tasks, such as cleaning junk, saving battery, scanning, and CPU cooling, were found to be hiding malware, adware and even tracking software.

Once the apps were launched, researchers discovered that they would not appear on the device launcher’s list of applications, and the shortcuts would also not be shown on the user’s phone screen.

The “hide” function was designed not to run on some devices (e.g. Google Nexus 6P, LGE LG-H525n and ZTE N958St), and the malicious app makers are thought to have known that it would not work on them. They may also have done this to avoid attracting the attention of Google Play’s inspection / checking system.

False Notifications, Fake Alerts, and Adverts

The fake apps were even found to have been designed to deliver false, often convincing, but sometimes alarming security notifications, warnings and pop-up windows to the user. For example, users would be shown pop-ups claiming that fake security issues had been resolved. Also, if the user installed another app, it would be reported as suspicious.

Users of these fake apps could also fall victim to an aggressive barrage of advertisements with each action, because the app may have been designed for display and click fraud.

Asked To Sign – But Collecting Data

In some cases, in an abuse of privacy, the malicious apps were found to ask users to sign and agree to an end-user licence agreement (EULA) relating to the information to be gathered and used by the app. In fact, the hidden aspects of these apps were found to be able to collect large amounts of device and user information, such as Android ID, model and brand of the device, screen size, language, location, and data on the other installed apps e.g. Facebook.

Removed

It has been reported that, since the researchers alerted Google to the presence and nature of the apps in December, they have now been removed from Google Play.

Not The First Time

Unfortunately, this isn’t the first time that fake apps have been found in the Google Play Store. Last November, a fake version of WhatsApp, the free, cross-platform instant messaging service for smartphones, was downloaded from the Google Play Store by more than one million unsuspecting people before it was discovered to be fake.

What Does This Mean For Your Business?

What is a little shocking about this story is that Google Play is a trusted source for apps, and it is particularly ironic that, in this case, users could have downloaded the apps as a security measure to protect them, only to find that they did the opposite.

Although the obvious advice is to always check what you are downloading and the source of the download, the difference between fake apps and real apps can be subtle, and even Google (in this case) didn’t spot the hidden aspects of the apps.

The fact that many of us now store most of our personal lives on our smartphones makes reports such as these all the more alarming. It also undermines our confidence in (and causes potentially costly damage to) the brands that are associated with such incidents e.g. the reputation of Google Play Store.

To minimise the risk of falling victim to damage caused by fake apps, users should check the publisher of an app, check which permissions the app requests at install time, delete apps that they no longer use from their phone, and contact their phone’s service provider or visit the High Street store if they think they’ve downloaded a malicious / suspect app.

It may also be time for Google Play Store to review its systems and procedures for checking the apps that it offers.