Google Play scam apps downloaded more than 8 million times by Android users
Researchers at cyber security firm Trend Micro discovered adware-laden apps posing as 85 different photography or gaming apps in the Google Play store.
Combined, the apps had been downloaded more than 8 million times to people’s smartphones and tablets.
“We found another example of adware’s potential real-life impact on Google Play,” Ecular Xu, a mobile threat response engineer at Trend Micro, wrote in a blog post detailing the fraudulent apps.
“Apart from displaying advertisements that are difficult to close, it employs unique techniques to evade detection through user behaviour and time-based triggers.”
One of these techniques is to create a shortcut for the app on a device’s home screen exactly 30 minutes after the app is installed to make it more visible.
The technique also deters Android users from uninstalling the app by dragging and dropping its icon to the Uninstall section of the screen, Mr Xu noted.
Once opened, the apps function as the photography or gaming apps that they claim to be, however they display long, full-screen adverts on the infected device that are impossible to close.
Google removed the scam apps after the researchers disclosed their findings to the technology giant.
Despite the apps no longer being listed in Google’s app store, anyone who has already downloaded one or more of the apps will need to manually delete it from their device to get rid of it.
Some of the most popular of the apps are Super Selfie, Cos Camera, Pop Camera, and Line Puzzle. Trend Micro has published a full list of the scam apps.
The researchers said antivirus software can be used by Android users to detect malicious apps and adverts in order to prevent their security and privacy from being compromised.
“It also pays to read the app reviews before installing them, as they can help raise red flags if they show suspicious behaviours,” the blog post stated.