These Android Antivirus Apps With Over 900M Google Play Downloads Are Privacy Nightmares

android antivirus apps 900m downloads privacy nightmares news
Last week, Google introduced its new data safety section for the Play Store, which states that Android application developers have until July 20th to fully disclose their data collection, sharing, and safety practices. A new analysis of popular Android apps shows why this kind of data collection transparency is needed.

The Cybernews research team recently studied the top forty most-installed cleaning and antivirus apps on the Google Play Store. All together, these apps have more than 918 million downloads. Given the large number of downloads, it would seem that many Android users care about device security. However, these users are likely unaware that the vast majority of these apps aren’t particularly secure themselves and are detrimental to privacy.

After digging into these apps, the researchers assigned them all security scores, and all but one of the apps scored under 50 out of 100. Keep Clean Cleaner, Antivirus sits just slightly above that mark at 54, while Safe Security - Antivirus, Booster, Phone cleaner scored lowest with a pitiful 9. The team found that 13 of the apps employed “questionable coding practices” and that six contained possible malicious links. The possibly malicious apps are as follows:
• Dr. Capsule Antivirus, Cleaner
• GO Security - AntiVirus, AppLock, Booster
• Virus Hunter 2021 Virus Scanner and Phone Cleaner
• AVC Antivirus & Virus Cleaner
• Fancy Booster - Cleaner, antivirus & Speed Up
• Phone Junk - Clean Master

The presence of malicious links isn’t a big surprise when malware is on the rise in the Google Play Store. Cybernews contacted the developers of the six apps in which malicious links were detected, but received only one response. The developer of Dr. Capsule Antivirus, Cleaner claimed that its app was mistakenly flagged as potentially malicious due to a confusion between unencrypted HTTP and encrypted HTTPS.

android antivirus apps 900m downloads privacy nightmares aurora store news
Aurora Store Exodus Privacy reports for three of the apps (click to enlarge)

The Cybernews research team also found that all but two of the forty apps contained trackers that collect and share user data. The researchers found a whopping 30 trackers in one of the apps: Nova Security - Virus Cleaner. We looked at the Exodus Privacy report for this app, as well as two others, to see what trackers are bundled with the apps. The above screenshots show just some of the trackers listed in each of the reports. While the apps contain a great many different trackers, we want to highlight two of them.

Nova Security - Virus Cleaner, which has 10 million downloads and Antivirus, Virus Cleaner, Booster - Fancy Security, which has 1 million downloads, both contain the Pangle SDK. Pangle is distributed by ByteDance, the Chinese company that owns TikTok. TikTok has a history of collecting large amounts of information on users and was previously caught collecting iPhone clipboard data and exploiting a Google security vulnerability to uniquely identify Android users.

Smart Security, which currently sits at 50 million downloads, contains the Huawei Mobile Service (HMS) Core. According to Exodus Privacy, this SDK “includes Ads Kit, Analytics Kit, Location Kit, and more.” The US government banned sales of Huawei devices in the US after establishing a direct link between Huawei and the Chinese government and finding hardware backdoors in Huawei devices.

The following is a list of all the apps analyzed by Cybernews and the number of trackers found.
• 30 – Nova Security - Virus Cleaner
• 23 – Fancy Booster - Cleaner, Antivirus & Speed Up
• 23 – Antivirus, Virus Cleaner, Booster - Fancy Security
• 20 – Fancy Battery - Battery Saver, Booster, Cleaner
• 20 – Fancy Cleaner - Boost, CleanerSmart Security
• 18 – Smart Security
• 16 – GO Security - AntiVirus, AppLock, Booster
• 16 – Keep Clean Cleaner, Antivirus
• 16 – Safe Security - Antivirus, Booster, Phone Cleaner
• 15 – APUS Security Antivirus Master
• 15 – Antivirus One - Virus Cleaner
• 13 – FileMaster Manage&Power Clean
• 13 – Memory cleaner Speed Booster and junk removal
• 13 – One Booster Antivirus and Cleaner
• 13 – Phone Security - Antivirus, Cleaner, Booster
• 13 – PoMelo File Explorer & Cleaner
• 12 – One Security Antivirus, Clean
• 12 – Phone Cleaner - Virus cleaner
• 10 – Dr. Capsule Antivirus, Cleaner
• 10 – AVC Antivirus & Virus Cleaner
• 10 – Phone Junk - Clean Master
• 10 – Powerful Phone Cleaner - Cleaner & Booster
•   9 – Virus Remover - security apps, booster, cooler
•   9 – Smart Cleaner
•   8 – Virus Hunter 2021 Virus Scanner and Phone Cleaner
•   8 – Antivirus - Cleaner + VPN
•   8 – CPU Cooler - Antivirus, Clean
•   8 – Phone Cleaner, Booster, Master
•   8 – SHAREit Lite - Share and File Transfer, File Manage
•   7 – Super Clean-Master of Cleaner
•   7 – Smart Clean-Booster,Cleaner
•   6 – Antivirus and Virus Cleaner Lock
•   6 – Clean Guard Phone Cleaner
•   6 – JioSecurity Mobile Security & Antivirus
•   3 – Antivirus - Virus Cleaner
•   2 – Security Antivirus - Max Cleaner
•   0 – Super Antivirus - Clean Virus
•   0 – VG кё м–...мль© Web SDK