Android Adware Raises Google Play Security Concerns - InformationWeek
IoT
IoT
Mobile // Mobile Applications
Commentary
2/4/2015
11:06 AM
Eric Zeman
Eric Zeman
Commentary
50%
50%

Android Adware Raises Google Play Security Concerns

Three apps, downloaded to tens of millions of Android devices from the Google Play store, foisted ads for apps on unsuspecting users.

8 Wacky Cyberattacks Worse Than Sony Hack
8 Wacky Cyberattacks Worse Than Sony Hack
(Click image for larger view and slideshow.)

Google has suspended three applications from the Play Store after being alerted to the presence of malicious adware. A security firm revealed the infected apps to Google and believes they've been installed on many millions of phones and tablets.

The development raises a number of questions about how Google operates the Play Store and whether or not its reactive approach is the right one.

One of the apps, a solitaire game called Durak, targeted English speakers, according to Avast, the security firm that discovered the adware. The other two applications -- an IQ test and a history app -- targeted Russian speakers. Durak hit the Play Store in December and has been downloaded between 5 and 10 million times.

Whoever created the apps used a clever ploy. The creator remained dormant for a period of up to 30 days in a clear attempt to hide.

"After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right?" noted Avast's Filip Chytry in a blog post. All three apps behaved normally after they were installed. Perhaps a week or two later, some users reported some strange behavior from their device after a reboot.

At the 30-day mark, however, things got ugly.

"Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn. This, of course, is a complete lie," explained Chytry. "You are then asked to take action; however, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value."

(Image source: Google Play store via Avast)
(Image source: Google Play store via Avast)

Basically, the adware used system-level notifications to generate advertisements for other apps and services. This is strictly verboten behavior. Google was quick to respond to Avast's alert, suspend the apps, and assure people that they shouldn't worry. Hopefully Google plans to do a lot more, because there's plenty to worry about here:

  • How did the apps get past Google's scans? They shouldn't have.
  • What are infected users supposed to do if their handsets can't be cleaned up?
  • What is Google going to do to prevent this from happening again?
  • Will there be any repercussions for the creator of this malicious adware?

[Where are the Android 5.0 Lollipop updates? Check out how the smartphone market is responding.]

Android users have to trust that the apps they download from the Play Store are safe and won't cause them or their devices harm. Google has always warned that downloading apps from sources other than the Play Store is risky. If downloading apps from the Play Store becomes risky, too, then Google will have a significant problem on its hands.

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Eric is a freelance writer for InformationWeek specializing in mobile technologies. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jagibbons
50%
50%
jagibbons,
User Rank: Ninja
2/26/2015 | 9:05:20 AM
Re: Security expectations realistic the modern technology age
Thanks for the reminder, jobethhiatt73. There's no completely safe technology unless it's complete disconnected and powered off. And that certainly defeats the purpose.

Google needs to do more to try and find malware apps, but no one is going to find them all.
Truth_Stalker
100%
0%
Truth_Stalker,
User Rank: Apprentice
2/17/2015 | 11:18:20 AM
Apple Shill Site/Editor??
This 'Tech Article' appears to exist only to low brow the Google Play App Store . The Apple Ecosystem is ONLY safe in the way that a prisoner in Solitary Confinement is safe from STDs. Of course they are if they don't have access to anyone else. The Google Play App Store is a huge Theme Park by comparison. So.. If you know what you're doing, you'll be fine. More Anti-Google propaganda, I suppose. It's sad that Tech Reviewers' (who are supposed to be 'unbiased by default) have also been tainted.
jobethhiatt73
100%
0%
jobethhiatt73,
User Rank: Apprentice
2/17/2015 | 4:10:42 AM
Security expectations realistic the modern technology age
we are expecting an absolute security key. There is no such thing anything that can be posted or brought up  can be broken into. Remember there's always someone trying to out-think it. Please excuse my voice text I have a slight problem. We are expecting an absolute in the world of no absolutes.

Computers are science there is no such thing as absolute. Something can always be disassembled, changed and every time there's a computer malfunction we get upset, but it still part of computers. We've got to realize that if someone was smart enough to make it, there's a problem 30 days after it's been downloaded and this will happen more and more.

Google can do the best they can, and we expect that of them, but there is no absolute. It doesn't let them off from trying, They still need to keep the Play Store as secure as possible there. Why did you come down hard on them? It's not fair.  I'm not trying to stick up for them-- I do not come from the computer age at all I came from absolute mass and slide rules and such things.

At my age I'm not real thrilled with technology, it's been unleashed and we don't know how to control it enough. That's my opinion. Control its applications and keep them secured better.
Gary_EL
0%
100%
Gary_EL,
User Rank: Ninja
2/5/2015 | 3:15:25 AM
Re: Play Store
You'd think an organization of the size and scope of Google would do a better job of safeguarding Playstore users. This is real black eye for them.
Li Tan
0%
100%
Li Tan,
User Rank: Ninja
2/5/2015 | 12:23:24 AM
Re: Back-end vulnerability
I am on your side. In fact we cannot trust any Android Apps we downloaded since it's hard to judge if there are Ads, malware installed together. The anti-malware software will have some effect but cannot solve all problems.
soozyg
0%
100%
soozyg,
User Rank: Ninja
2/4/2015 | 6:12:17 PM
Re: Play Store
True. Some were free, some I had to get refunds, which are surprisingly difficult to get. They have a disclaimer about compatibility, I suppose.
SamRay
0%
100%
SamRay,
User Rank: Strategist
2/4/2015 | 5:28:53 PM
Back-end vulnerability
An importanrt point is that the software from the Google Play Store was able to do things it was not supposed to do and would not have been detected if it did not have a visual presence. We must assume that otehr alications could use the same of similar technuiques to hack us without our knowledge if they remain invisible. I think that until Google discloses how the malware got through and what Google has doen to ensure it cannot happen again, we must assume the Google Play Store cannot protect us.
Thomas Claburn
0%
100%
Thomas Claburn,
User Rank: Author
2/4/2015 | 4:10:56 PM
Re: Play Store
Assuming those apps were free, you get what you pay for. 
soozyg
100%
0%
soozyg,
User Rank: Ninja
2/4/2015 | 12:08:58 PM
Play Store
raises a number of questions about how Google operates the Play Store

I thought that iTunes would be better, and yet my kids have downloaded apps from iTunes that either didn't work at all, used insane amount of memory, or had so many glitches they weren't worth playing.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll