Google can't seem to figure out how to stop nefarious developers from offering apps via Google Play that are filled with malware and adware. In April, word surfaced that apps with ties to a group called DU Group were committing click fraud and amassed over 50 million downloads. A new group of apps with far more downloads with ties to China is now wreaking havoc and allegedly making some Android devices almost unusable.
Researchers from mobile security firm Lookout have announced that 238 apps on Google Play with an aggregate of over 440 million downloads have been found to contain the BeiTaAd plugin. That plugin is a strain of adware that can make Android devices incredibly difficult to use once loaded. Lookout security intelligence engineer Kristina Balaam says that the number of downloads these apps have make them unique in their prevalence and they are notable for the level of obfustication they use to hide the existence of the plugin.
The adware plugin was found in an emoji keyboard called TouchPal along with 237 other apps that were all published by a Chinese company called CooTek. After the Lookout report was published, all of the apps were pulled from the Play Store or updated with a version of the apps that don't have the plugin.
The tricky part about the execution these apps used was that everything seemed fine for the first few weeks after the apps were installed. Then the apps would start displaying out-of-app ads that would pop-up on the lock screen or trigger random videos to play when the phone was asleep.
Lookout says that out-of-app ads aren't novel, but the fact that the ads served by the BeiTaAd plugin made devices nearly unusable makes them more severe than similar apps. Users of affected devices have been unable to answer calls or interact with other apps due to the pervasive ads. This report is the latest sign that Google still has a lot of work to do with regards to policing apps on Google Play and doing more to protect vulnerable Android users.