172 Malicious Android Apps With Over 300 Million Installs Discovered In Google Play Store Last Month

cyber security vulnerability

The battle against malware never ends. Nearly 200 harmful apps were discovered in the Google Play Store in September 2019. These apps were installed by over 335 million users.

Most of the harmful ads contained malicious or misleading malware. These apps were downloaded by more than 300 million people. Google removed 46 apps alone from Chinese developer iHandy. Most of their apps feature tools for selfies, security and antivirus utilities, keyboards, horoscopes, emoji, and health. The developer claims that they attract more than 180 million monthly users.

Google noted that the apps included “deceptive or disruptive” ads, which violates their policies. The apps even drained users' batteries and bricked devices. It is believed that these apps were installed over 1.5 million times before they were removed.

Apps with subscriptions scams and hidden ads were the next biggest category. These kinds of apps were installed by roughly 25 million users. “Fleeceware” apps can be particularly harmful. These kinds of apps tempt users with a free trial for a basic service and then quickly overcharge for the app. At least fifteen fleeceware apps were available this past month. They included apps with package names such as “qr.code.barcode.maker.scanner.reader” and “com.gifmaker.giffree.gifeditor”.

adware google play ihandy

Apps with SMS premium subscriptions, hidden apps, banking trojans, stalkware, credit card phishing apps, and fake apps, antiviruses, and cryptocurrency exchanges accounted for the remaining harmful apps. These apps attempted to steal users’ credit card credentials and other information A few of these apps, such as “AZ Mobile Security”, have yet to be removed from the Google Play Store.

Google appears to be trying to improve their mobile security. Android 10 contains a number of updated privacy features. For example, users have the option to “always allow”, “allow only while using the app, “forbid”, or “don't ask again once prohibited” location permissions. However, it still appears that malicious apps are able to easily sneak their way onto the Google Play Store. Many of the updated Android 10 features are convenient, but users still need to remain vigilant. Hopefully Google will be able to improve their vetting process in the future.