Google Play Drops 500+ Apps After Discovery Of Malicious SDK

August 22, 2017 - Written By Daniel Golightly

Some very popular applications in the Google Play store have now been removed, following the discovery that 500 or more applications could have been spying on users without their knowledge. Among those applications were some that had been downloaded more than 100 million times. What’s worse, the developers of the apps may not even have been aware that there was a problem, since the undesirable behavior came from a software development kit (SDK) called Igexin. The SDK was used to develop relatively benign games and applications, but it left a back door to external, Igexin-controlled servers, through which malicious software would in some cases be downloaded, unbeknownst to the user or the developers. The discovery itself was made by the prominent mobile security provider Lookout and announced via the company’s official blog on August 22.

Thankfully, Lookout says that not every application resulted in malicious software being installed, and not every user was affected even by the apps that did eventually conduct background installs through the back door. That’s because the SDK required permission access for key plugins in order to download the harmful code, and the user would have needed to grant those permissions. Devices that granted them allowed the app to receive the code from a server identified as “http://sdk.open.phone.igenix.com/api.php”. Furthermore, Google has said in an email response to the below-listed “via” that it has retroactively secured users who have already downloaded the apps, either through an update or by removing the affected apps from the Play Store. Finally, Lookout says that users of its own security software were protected from the activity.

As to the apps themselves, gaming applications specifically marketed to teens were among those discovered to contain the SDK-based security issue. One such game had registered between 50 million and 100 million downloads. Apps in the weather and photo editor categories were also affected, with some having been downloaded as many as 1 million to 5 million times. Several internet radio apps were discovered to contain the SDK as well, with downloads ranging from 500 thousand to 1 million. Meanwhile, apps categorized as “educational, health and fitness, travel, emoji, and home video camera” apps were also affected, though to a lesser degree. Anybody interested in more information about how the malware was able to gain a foothold, and about the code developers should watch out for, should head to Lookout’s blog.