Google Play Store reportedly failed to detect 29 malicious apps that had over 10 million collective downloads

By Shubham Sharma | Published on Sep 27 2019
Google Play Store reportedly failed to detect 29 malicious apps that had over 10 million collective downloads

Make your home smarter than the average home

Make your life smarter, simpler, and more convenient with IoT enabled TVs, speakers, fans, bulbs, locks and more.

Click here to know more

HIGHLIGHTS

Google Play Store removed 29 malicious apps after Quick Heal reported them.

24 of the apps were HiddAd Apps that would show full screen intrusive ads.

Five of the apps were Adwares and some of them crossed over 1 million downloads before removal.

It’s not easy managing the Google Play Store as thousands of apps are daily uploaded on the platform for approval and review. As per Statistica, over 6,140 mobile apps were released every day through the Google Play Store between Q3 2016 to Q1 2018 and the numbers have most likely gone up even more since then. Even though these numbers are high, that doesn’t mean that the Google Play team can skimp on observing tighter control over uploaded apps and their behaviour since Apple manages to do the same just fine. Quick Heal Security Labs has now reported 29 malicious apps on the Google Play Store that collectively sported over 10 million downloads. 

Twenty four of the 29 apps are HiddAd Apps, which install a shortcut on the home screen and hide their app icons after first boot so that users have trouble uninstalling them. When the shortcut is launched, these apps display intrusive full-screen ads and some of them can do the same even when not being run in the foreground. So, if your phone was showing pop-up ads out of the blue, one of these apps might be to blame. As per the report, most of the reported apps were classified under ‘Photography’ category.

The remaining five apps were Adware that would sneak into an Android device via absurd advertisements that are run on social media sites like YouTube, Facebook and others. Associate Security Researcher at Quick Heal, Digvijay Mane, notes, “Many a times, these promoted mobile applications boast about a lot of unbelievable functionalities like X-Ray scanning. We came across few advertisements of some interesting Android Apps which claim to offer functionality of X-ray scanning. When we explored the App further, we found out that two such apps have crossed 1 million + downloads already.”

While Google removed these malicious apps from the Play Store once they were reported, it begs the question, how they flew under the company’s radar for such a long time. Quick Heal also notes that users duped by these apps left scathing reviews but it seems like even that wasn’t enough to draw Google’s attention. 

While we might sound harsh, it should be noted that this is not the first time such a case has been highlighted. In June this year, researchers from the University of Sydney and independent Australian federal government agency CSIRO’s Data61 came across 2040 malware-laden counterfeit apps on the Google Play Store. While back in December 2019, Google used machine-learning backed anti-spam system to delete dubious reviews and thousands of shady apps from the Play Store, it seems like its efforts to keep the Play Store free of malware-laden apps have again dwindled. 

Image Credits: Quick Heal

logo
Shubham Sharma

Working on a miniaturised version of the Arc Reactor.

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.