Google Play Store and Malware: A Recent History

• Recently, Google Play Store has been in the spotlight quite often for hosting malware-laced apps.
• Some of these apps have millions of downloads, posing a massive threat to a considerable chunk of Android users.

Context

Although Google lets in an app on the Play Store only after it satisfies a list of requirements, certain malicious apps seem to have discovered cracks to slip through. Sometimes, such apps record millions of downloads before they’re discovered containing malware.

Google has been regularly weeding out malware-infected apps from the Play Store, but the openness of the platform is a roadblock in this battle.

Prominent incidents

Android users are told only to download apps from the official Play Store. Let’s take a look at the recent instances of Google-approved apps sneaking in malware.

July 2019 - Around 205 malicious apps that were reported to have been downloaded more than 32 million times in July alone. These apps were found to contain malicious code that had the capabilities of stalkerware, backdoor, subscription scams, and more.

August 2019 - A popular PDF creator called CamScanner was discovered to contain a malicious module called ‘Trojan-Dropper.AndroidOS.Necro.n’. The module was observed to show intrusive ads. After Kaspersky reported this to Google, the application was immediately removed.

September 2019 - This month witnessed the discovery of a new malware campaign to deliver the Joker Trojan. Google promptly removed the 24 apps that hid malicious code in the advertisement framework.

Google removed two adware apps, Sun Pro Beauty Camera and Funny Sweet Beauty Selfie Camera, that had more than 1.5 million downloads in total. Apart from this, four VPN apps — HotSpotVPN, Free VPN Master, Secure VPN, and CM Security Applock AntiVirus — were also discovered to commit ad fraud.

Just in September 2019, 25 malicious apps with 2.1 million downloads in total were observed serving random ads to generate revenue.

The takeaway

Google Play Store is still the safest place to download Android applications, but with so many incidents reported, users are advised to be on alert. No app is completely immune to being exploited for malicious purposes.

Make sure that you follow basic security measures such as installing an antivirus, updating apps regularly, and being aware of the permissions the apps request for.