Spyware designed to steal personal data has been found in apps hosted on the Google Play store, highlighting the ongoing challenge of keeping malicious software out of official mobile app marketplaces.
What is the spyware and how does it work?
The spyware was found hidden inside over 20 apps on the Play store, many posing as harmless utilities like image editors, calculators or PDF converters. Once installed, the spyware can collect sensitive user information like locations, call logs, and text messages and secretly upload this data to remote servers controlled by the hackers behind the spyware campaign.
The spyware works by asking for various permissions during installation, like access to SMS messages or location data. If granted, the spyware can then read this sensitive information and covertly send it back to the hackers. The spyware also contains code to download additional malware if instructed by the hackers.
How was the spyware uncovered?
The spyware campaign was uncovered by researchers at cybersecurity firm Bitdefender. While performing routine scans of apps in the Play store, the researchers discovered suspicious behavior and code signatures that indicated the presence of spyware.
Further analysis revealed that the spyware was hidden inside multiple apps across different categories like photography, games and file management. In total, Bitdefender found spyware in over 20 apps which together had been installed over 2 million times. The researchers immediately contacted Google to have the infected apps removed.
How did the spyware make it into the Play Store?
Google claims that every app on the Play Store goes through some form of automated and manual review before being published. However, sophisticated spyware is sometimes able to bypass automated scanning tools.
At the same time, with over 2.5 million apps on the Play Store, manual review cannot catch every instance of spyware and malware. The developers behind this spyware campaign likely snuck the malicious code into legitimate-looking apps that raised no obvious red flags during the review process.
What is Google doing to address this?
Upon being notified by Bitdefender, Google swiftly removed all apps containing the spyware from the Play Store. However, given the scale of Google Play, keeping spyware out entirely remains an ongoing challenge.
In response to this incident, Google says it is continuing to improve the app review process, by enhancing their ability to detect undisclosed and hidden malware. Google is also considering changes to app permissions to better protect user data.
For users, Google recommends only downloading apps from trusted developers, paying attention to app permissions, and using mobile anti-virus software as additional precautions against spyware.
What does this mean for Android security?
The fact that sophisticated spyware succeeded in bypassing Google Play’s defenses highlights that even official app stores are not immune to hosting malware. While Google Play does provide a significant level of protection compared to third-party app stores, Android users cannot blindly trust every app available for download.
This incident emphasizes the need for continued vigilance by both Google and users when it comes to Android security. App publishers should also adopt safer coding practices to prevent their apps from being hijacked to spread spyware. As the capabilities of mobile malware continue to grow, bolstering Android’s app security measures will only become more crucial.
