Google has blocked about 500 malicious apps on Play Store after researchers claimed that there were unsafe apps on its online app store. The apps that were removed include mobile games for teenagers that the researchers believe could spread spyware on mobile phones.
What are these apps capable of?
Earlier this week, cyber-security firm Lookout claimed that the Google Play Store is home to many apps that use the software development kit (SDK) Igexin, which could infect mobile phones with malware.
“Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality — nor are they in control or even aware of the malicious payload that may subsequently execute,” Lookout said in a statement.
According to the mobile security firm, these 500 apps have in total collected 100 million downloads. Some of the apps that were based on the Igexin SDK were SelfieCity (downloaded over 5 million times) and Lucky Cash (downloaded over a million times). Both apps have now been purged and are no longer vulnerable to malicious behavior, the security firm says.
Other apps infected with the malware included a game targeted at teenagers (over 50 million downloads), a photo app, an internet radio app and a weather app. Apps from other categories, including educational, health and fitness, travel, emoji, and home video camera, were also found to be compromised, notes ZDNet. The names of the apps were not disclosed by the security firm.
All these malicious apps have the ability to steal users’ personal data without the app makers actually knowing about it. The apps based on the SDK target users with ads based on their preferences and also communicate with outside servers which previously served malware to people, said Lookout. Though it is not unusual for apps to connect with outside servers, what alerted the researchers was when they found that an app appeared to be “downloading large, encrypted files” from those servers.
Malicious apps on Play Store fooling Google
The cyber-security researchers at Lookout informed Google about the presence of malicious apps on Play Store, and the search giant was quick to remove such apps or, in some cases, update the app with a malware-free version.
“We’ve taken action on these apps in Play, and automatically secured previously downloaded versions of them as well. We appreciate contributions from the research community that help keep Android safe,” Google said an e-mail To Ars Technica.
Despite the heightened focus on security in recent years, malware-infected apps still pass through Google’s system using various obfuscation techniques. As a countermeasure to try to limit such apps passing its security checkpoint, the search giant recently came up with a built-in security feature called Google Play Protect. This security feature thwarts suspicious apps at the cloud level.
In another similar case, Apple and Google removed more than 300 financial trading apps from their app stores. The move came after the Australian Securities and Investments Commission found that the apps’ operators lacked the required license to run such apps. The agency also said the operators did not tell their users about the financial risks associated with using their apps.