You might be used to this kind of news already if you frequent our space. Last year no tangible progress was made in terms of cracking down on malicious apps from appearing on the Google Play Store despite the continuous efforts the company has been laying in place.
The latest report comes from security researchers at Bitdefender who uncovered 17 apps on the Google Play Store that, when installed, “constantly display aggressive ads.”
Although not considered as malicious in any way, the primary question is how these apps make their way into the Google Play Store without being apprehended by Google’s Play Protect vetting system.
The seventeen apps, in total, have amassed over 500 thousand downloads on the play store.
The apps used a hideous mechanism to hide against Google’s Play Protect scrutiny, according to researchers.
At first, when the apps are immediately installed, they hold off from display ads until four hours. Another technique employed involves splitting the app’s code into multiple resource files – one with the actual resources, for a game, for example, and the other compartment for storing the malicious code.
These Android apps also display ads at random intervals, unlike what common adware has been doing and, also disappears after 48 hours since installation.
An example of this was the Car Racing game app which was caught showing users random ads while playing the game or at times when not in the app. The apps ships with unused game-related .so files – used to provide fast graphics rendering – that are leveraged to display intrusive ads.
Well, like most apps which are caught with similar behaviour of showing full-screen ads, user reviews gave a clue of what to expect. And this is one of the major reasons why you should always take your time before hitting the download button.
The whole list of 17 apps discovered in the report, although from different creators had similar behaviour.
It is interesting that some were even found requesting sensitive user data like “phone model, IMEI, IP address, MAC address, and location information.”
You can see the full list of the apps mentioned below;
Bitdefender says that they have already notified Google of the apps and that they are “being taken offline.”
So, if you have any of these apps in your Android phone, uninstall them right now.