Malware In Play Store Doubles Due To Click-Fraud Code

Google published its annual “Android Security & Privacy” report, in which it reported that malware in the Play grew by 100% in 2018. According to the search engine giant, the primary reason for such malware growth is because it finally added click-fraud apps, also known as adware, to its list of “potentially harmful apps.”

Google’s report details adware and other malware which can be found in apps available in the Play Store. The scary part is that a big portion of the app store consists of games downloaded by children who may not understand the risks that come with installing potentially-harmful apps. However, even though malware in the Play Store doubled last year, Google says the rate is still low and that users will be much safer by installing apps through the Play Store instead of other sources.

Since Google included adware apps in its definition of “potentially harmful apps,” or PHA, the install rate grew from 0.02% in 2017 to 0.04% in 2018. The company previously listed adware as a mere Play Store policy violation. The company wrote that if the click-fraud apps were removed, PHAs installed from the Play Store would decline 31% year over year.

The report says adware makes up 55% of all PHA installed through the Google Play Store, making it the most prevalent of all PHA categories. The second-ranked malware category in the Play Store by installation rates goes to Trojan viruses at 16%.

According to Google’s report, adware apps were mainly installed by users from the U.S., Brazil and Mexico. Click-fraud apps became so prevalent on the Google Play Store because developers include embedded software development kits (SDKs) in their apps, some of which have nefarious functionalities the developers aren’t even aware of.

“Distributing click-fraud code in this way is easily scalable and makes it easy for click-fraud SDK developers to be present in the apps of hundreds or even thousands of developers,” Google said in the report.

PHA installs are more common in phones which install apps outside the Google Play Store. The Play Store is equipped with Google’s Protect anti-malware system, which prevented 1.6 billion PHA installation attempts in 2018. The Play Store even blocked 73% of PHA installs from outside the store, which is a 20% improvement over the previous year.

The type of malware that prevails outside the Play Store is different, with backdoors being in first place when it comes to install rate and distribution. Google lists backdoors at 28% of accounting malware, while Trojans, hostile downloads and click-fraud apps are at 25%, 22% and 13%, respectively. Backdoor installs are also targeting Russia, Brazil, Mexico and Vietnam, according to the report.

Earlier this month, the Google Play store was hit by notorious malware called SimBad, which was targetting mainly simulator games and hiding itself behind ads. Fortunately, Google was quickly alerted and has resolved the issue by removing the infected games.




About the Author

Danica Simic
Danica Simic has been writing ever since she was a child. Before she started writing for ValueWalk she was reviewing laptops, headphones and gaming equipment as well as writing articles about astronomy and game development. Danica is a student of applied and computational physics while also studying software and data engineering. Her hobbies include reading, swimming, drawing and gaming whenever she has free time. - Email her at dsimic@valuewalk.com