The Google Play store is full of malicious Android apps, some of them downloaded millions of times, and Google is to blame for not screening these apps enough. These sketchy apps have been committing ad fraud while taking advantage of user permissions. They have been collecting user data and sending it to China without informing users why they are doing so. Most of these apps are developed by DU Group, among other companies, as revealed by BuzzFeed.

Google’s way of policing these apps has come under scrutiny because these malicious Android apps commit large-scale ad fraud and collect data from users. Six of the apps made by DU have a total of 90 million downloads. These apps request many invasive permissions, some of which they do not need in order to function; examples include a flashlight app and a Samsung TV remote app that might record your conversations using the microphone on your device. These apps collect information on users and send it to China without encryption.

Developers have exploited the Google Play store by hiding who they truly are from users, and Google should be doing more to protect its users from these malicious Android apps. The apps mislead users by not listing their direct connection to DU Group. Most of them generate and collect user data in the background, violating the privacy of their users, and this data could be used by government agencies or malicious third parties.

Selfie Camera, AIO Flashlight, Omni Cleaner, Total Cleaner, Smart Cooler, Samsung TV Remote Control, Emoji Flashlight, WaWaYaYa app and RAM Master

The Selfie Camera app has over 50 million downloads and a 4.5-star rating with over ten thousand reviews in the Google Play store, and it was one of the most popular apps in the UK, all of which made it look legitimate.

These malicious Android apps were found to contain code that generates fake ad clicks in the background, even when the app is not open, to earn fraudulent revenue. This drains your battery and your data bundle while the apps commit other privacy violations.

These malicious Android apps were also found to contain false advertisements and undisclosed features, such as performance-enhancement features that only ruin how your phone works. Most of these features are not explained in the app’s description on the Google Play store, and they increase users’ vulnerability because they could be used as backdoors for trojan attacks that deliver malware.

If you dig deeper into the privacy policies of these malicious Android apps, you’ll be directed to Tumblr websites with strange URLs such as https://superiorzzr.tumblr.com/ or yesexactlyinnerbouquetstuff.tumblr.com/ and, for the Selfie Camera app, dreamilyswimmingwizard.tumblr.com. What is worrying is that even after you read through these policies, they don’t tell you that these malicious Android apps are generating and collecting user data in the background.

Overly Permissioned Apps

Most of these malicious Android apps require many permissions that are not necessary for the app to function. The AIO Flashlight app requires almost 31 permissions, and the Emoji Flashlight app, with 5 million downloads on the Google Play store, requires up to 30. Both of these apps have requested over 7 permissions that are in the dangerous category as defined by Android, which includes location data, access to phone sensors, and personal contact information.

The Samsung TV remote app made by Peel Technologies asked for over 58 permissions, with 23 of those in the dangerous category. When you use the app, it collects behavioural data, device information, your IP address and your location. Stranger still, the company was signed up with Samsung to have the TV app and others come preinstalled on the tech giant’s smartphones. This has been frustrating for users, since the apps randomly load ads that ruin the experience. The apps no longer come preinstalled, but there’s a Samsung help page that shows users how to disable the app.
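The permission counts above can be checked for any app before you trust it. The following is an added example, not code from the article or from any app it names: it reads a decoded AndroidManifest.xml (the manifest inside an APK is binary XML and is assumed to have been decoded first, for instance with apktool), counts the requested permissions, and reports the dangerous ones a flashlight app cannot justify. The sample manifest, the `com.example.flashlight` package and the `EXPECTED` mapping are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Subset of the permissions Android documents at the "dangerous" protection level.
DANGEROUS = {PREFIX + n for n in """
    ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION ACCESS_BACKGROUND_LOCATION
    CAMERA RECORD_AUDIO BODY_SENSORS ACTIVITY_RECOGNITION
    READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS READ_CALENDAR WRITE_CALENDAR
    READ_PHONE_STATE READ_PHONE_NUMBERS CALL_PHONE READ_CALL_LOG WRITE_CALL_LOG
    SEND_SMS RECEIVE_SMS READ_SMS READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE
""".split()}

# Assumption: the dangerous permissions an app of each kind can justify.
EXPECTED = {"flashlight": {PREFIX + "CAMERA"}}

# Constructed sample manifest (not taken from any app named in the article).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, category):
    """Count permissions and list dangerous ones the app category does not explain."""
    perms = requested_permissions(manifest_xml)
    dangerous = perms & DANGEROUS
    unexpected = dangerous - EXPECTED.get(category, set())
    return {"total": len(perms), "dangerous": sorted(dangerous),
            "unexpected_dangerous": sorted(unexpected)}

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, "flashlight"))
```
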

What is Google doing?

All these apps have been blacklisted and removed from the Google Play Store because they violate Google’s policies. Google published a post explaining the measures it is taking to prevent and act on developers who publish malicious Android apps on the Play store. The search giant also added that it will hire more people to assess apps on its app store.

How do I protect myself from downloading these malicious Android apps?

Before Downloading:

  • Use trustworthy app stores
  • Take heed of the reviews the app has
  • Check the star ratings the app has gotten
  • Run away from apps that are wildly over-permissioned
  • Verify that it’s the real app

After Downloading:

  • Stay away from apps that ask for additional unnecessary permissions
  • Remove apps that don’t do what they are supposed to do

Read the steps here with a more in-depth explanation on how to protect yourself from downloading these malicious Android apps.

Here’s a security checklist to go through for your Android Smartphone.

Here’s how to stop apps from sharing your location data.
