Google Pulls Three Adware-Filled Apps from Google Play StoreArcPoint Strategy
Liam Tung at ZDNet recently shared that back in February, Google had to pull three apps from the Google Play store. These apps were a type of malware often called ‘adware’ because the apps repeatedly direct users, through hijacked system notifications, to paid apps on Google Play or even third-party app stores. These adware apps had been downloaded millions of times before they were pulled.
And because the adware apps often don’t start misbehaving until they’ve been installed for a few days or even a month, it’s incredibly difficult for users to know which app is setting off the fake ads and redirects. Even installing a legitimate security app doesn’t always catch these adware apps.
The fact that these malware apps were able to “sneak” through Google’s security checks and were available in Google Play illustrates the importance of remaining vigilant about knowing what you are installing on your devices, whether Android or iOS or any other system.
While you might expect malware like these apps to be quite advanced, because it managed to get past Google’s Bouncer (server-side run time analysis) and Verify Apps (client-side scanning), you would be wrong. It used a well known attack based on simply waiting a few days before running the malware code (e.g. a ‘time bomb’), and also required that the device to be rebooted a few times. When even Google’s arguably best-in-class detection is tripped up by a simple combination, we would all be wise to remember that it remains challenging to provide guarantees on bad behavior detection and prevention.