Two malicious Android apps, downloaded a combined total of more than 1.5 million times, have been removed from the official Play Store after Google was informed they were serving up adware.
Adware serves pop-up adverts which make money for its developers whenever the adverts are clicked. While adware is often more of an annoyance than anything else, the intrusive adverts can cause issues for users as the ads constantly run in the background, repeatedly interrupting use and draining battery.
However, the two malicious apps – Sun Pro Beauty Camera and Funny Sweet Beauty Selfie Camera, examined by researchers at Wandera – also came with a number of additional permissions that suggest that the apps could be used for more intrusive behaviour if desired.
Both apps requested permission to record audio, allowing the app to use the microphone to listen in to anything said near the device at any time, as well as a number of permissions that allow the app to be persistent on the device.
Sun Pro Beauty Camera was initially released in September 2017 and in its two years in the Play Store was downloaded over a million times. Funny Sweet Beauty Camera appeared in July this year and was downloaded over 500,000 times in just two months.
In both cases, the app is the only app published by the named developer, but both managed to get through vetting for Google’s official app store.
“It’s not the first time we’ve seen bad apps make it onto an official app store. Unfortunately, the vetting carried out by these official stores is largely focused on user experience,” Dan Cuddeford, director of sales engineering at Wandera, told ZDNet.
“Malware authors are very clever at hiding malicious functionality but there are usually some telltale signs,” he added.
Both of the apps are packed with a Chinese tool which prevents the APK of the apps being unwrapped and analysed – and while researchers point out that this isn’t a cast-iron guarantee of ill intent due to the functionality being used by many gaming apps, its use in a simple selfie app could potentially raise questions.
The two apps have now been removed from the Google Play store and researchers recommend that those who’ve downloaded the apps uninstall them – even if that involves a factory reset.
To help avoid installing Android malware and malicious apps, Wandera recommends that users check the permissions an app requests before installing it, and avoid installing it if it demands too much access to the phone.
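The permission check recommended above can be automated for app vetting. The following is an added example, not code from Wandera or from the article: it audits a manifest that has already been decoded to text XML, and the expected-permission baseline, the list of flagged permissions and the sample manifest are all assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Assumption: what a simple selfie/camera app plausibly needs.
EXPECTED_FOR_CAMERA = {
    "android.permission.CAMERA",
    "android.permission.INTERNET",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Assumption: real Android permissions picked to illustrate the two
# categories the article describes; the article does not list the names.
FLAGGED = {
    "android.permission.RECORD_AUDIO": "microphone access",
    "android.permission.RECEIVE_BOOT_COMPLETED": "persistence: runs at boot",
    "android.permission.SYSTEM_ALERT_WINDOW": "persistence: draws over apps",
}

def audit_manifest(xml_text):
    """Return (flagged, unexpected) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    requested = set()  # a set, so duplicate declarations count once
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = (node.get(ANDROID_NAME) or "").strip()
            if name:
                requested.add(name)
    flagged = sorted((p, FLAGGED[p]) for p in requested if p in FLAGGED)
    unexpected = sorted(requested - EXPECTED_FOR_CAMERA - set(FLAGGED))
    return flagged, unexpected

# Constructed sample, not taken from either app named in the article.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.selfiecam">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

if __name__ == "__main__":
    for section in audit_manifest(SAMPLE_MANIFEST):
        print(section)
```

Flagged entries are the ones that do not fit a camera app's stated purpose; the "unexpected" list holds anything else outside the baseline that deserves a manual look.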
Researchers also recommend looking at reviews of Android apps: both Sun Pro Beauty Camera and Funny Sweet Beauty Selfie had a spate of one-star reviews complaining about the intrusive pop-up adverts.
ZDNet contacted Google for comment, but at the time of publication hadn’t received a reply.