Innocent Android apps hiding malware



If you’re looking to get a new phone, you might find yourself deciding whether to go for an Android device or an Apple iPhone. Android phones are a popular choice – in fact, according to recent figures Android has around 85% of the worldwide market for mobile operating systems (as of May 2017 according to IDC – see chart below). Clearly a lot of people prefer Android – after all, you have more flexibility with the apps you use, and Android devices are widely compatible with other hardware (whereas with Apple you are very limited).


However, there is another factor that is becoming more relevant, and that is security.


The issue
Google has come under fire recently because some apps available on the Play Store were found to contain malware. The apps were discovered by security company SophosLabs, who were quick to report the offending apps to Google. Worryingly, though, some of these apps had already been downloaded hundreds of thousands of times, and there are concerns that up to one million users may have been affected by the malware. The apps were disguised as innocent ones – mostly QR readers – but hours after installation the malware sprang to life and bombarded the user with adverts and notifications.

[Image: malicious apps. Image credit: SophosLabs]

Furthermore, there are wider concerns about the amount of data that Google collects from Android device users. In the interest of fairness, it’s important to acknowledge that both Google and Apple gather a lot of data about their users, but Apple doesn’t tend to hang on to as much data as Google, and the data Apple does keep tends to be anonymised. Of course, from Google’s point of view the data they collect allows them to customise their services to suit the user, and they do have a far wider range of services than Apple.


How can you avoid malware?
One of the best ways to avoid malware is to download apps from a reputable app store, such as Google’s Play Store. Google has an app-vetting process that catches the overwhelming majority of malicious apps, which is better than app stores that have no verification procedures at all. However, as outlined above, sometimes malware can slip through the net, so always try to look for apps from reputable developers.

In January 2018, Google published a blog post describing how they ‘fought bad apps and malicious developers in 2017’. According to Andrew Ahn, Product Manager at Google Play, “we took down more than 700,000 apps that violated the Google Play policies, 70% more than the apps taken down in 2016. Not only did we remove more bad apps, we were able to identify and action against them earlier. In fact, 99% of apps with abusive contents were identified and rejected before anyone could install them.”

[Image: Play Store. Image credit: Google]

So is it all bad? Certainly not. If you are careful, you stand a good chance of never having malicious content on your device. But the fact of the matter is that Apple currently has a more rigorous app verification process than Google, and given recent events you would hope that Google decides to up their game.

Author
Becky Cunningham