Malware-ridden apps are everywhere and all of them are bad. You can get them from apps downloaded from the Google Play Store or if you sideload them. But, here’s why you should stick with the Google Play Store if you’re looking to download your free, paid, new or interesting apps.
There’s a new type of malware that’s even scarier that will make you run to the gated Google Play Store. The malware known as xHelper keeps itself installed even after repeated attempts to remove it.
xHelper spams your notifications, downloads other threats, displays ads and will change your browser homepage. According to Symantec, xHelper has infected up to 45,000 devices in the past 6 months. The app shows itself as an application component which means it won’t be listed in the device’s application launcher and thus its malicious activities go unnoticed.
How the malware operates
According to Malwarebytes, the source of these infections is “web redirects” that send users to web pages hosting Android apps. These sites instruct users on how to side-load unofficial Android apps from outside the Play Store. Code hidden in these apps downloads the xHelper trojan.
Even after uninstalling the malware, it will find a way to reinstall itself. Doing a factory reset won’t help as it will reinstall itself too.
It is presumed the malware comes pre-installed on infected devices and it has been found on phones made by Chinese OEMs. Chrome could also be suspect as uninstalling the browser hinders xHelper from reinstalling itself.
The app can’t find itself into owners devices through the Google Play Store.
This means that if you don’t know how to ensure the app you’re sideloading is safe or clean, strictly head to the Google Play Store and download your apps from there. It isn’t the safest but it does its best when it comes to screening apps for malware with its Play Protect feature.
Google Play Protect works by checking apps when you install them and periodically scans your phone. If a potentially harmful app is found, Google Play Protect will send the device owner a notification that allows them to either disable, uninstall or remove the app.
In most cases, if a harmful app gets detected, a notification saying the app has been removed will be sent.
Google reports that for users who strictly downloaded apps exclusively from the Play Store, there were PHA(Potentially Harmful Apps) on 0.05% of devices in 2016 compared to 0.15% in 2015. This number could probably be even lower by now.
These percentages are still huge when put in perspective of the over two billion Android devices. The company knows it can’t catch everything and it has been reaching out more and more to increase threat-intelligence sharing and collaboration with third-party firms that find things Google misses.