Several Android apps available from the Google Play Store and designed to improve your mobile camera experience have now been found to be acting in a number of improper ways.
The apps have been detailed in a new report from Trend Micro and are now understood to have been removed from the Google Play Store.
These apps paraded as ‘beauty’ apps, although hidden beneath were some fairly ugly behaviors. For example, some of the apps were primarily designed to surface ads for porn sites or to act as tools for redirecting users to phishing sites that would try to lift their personal details.
In other cases, the apps promoted themselves as filter apps that would let you upload an image, apply a filter and return the filtered image, when in reality they were simply looking to steal the user's photos, a move presumed to be used to assist in creating various fake accounts.
One of the more alarming points in the report is how the apps were designed to hide themselves upon installation. For example, once downloaded, the app would not actively show an icon in the user’s app drawer. This is understood to be a tactic employed to make it harder for the user to uninstall the app at a given point, or even if they suspected something was amiss.
Even in the latter case, it would seem the apps were good at distancing themselves from the bad behaviors, which would have further added to the user's inability to directly connect the malicious activities to the app that was generating them, especially as the obvious traces from the app were either hidden from the user or protected from scanners.
While it is not uncommon for bad apps to end up on the Google Play Store, Trend Micro does note that some of these apps had been “downloaded millions of times”, with the bulk of those downloads believed to have occurred in Asia.
Thanks to the rise in selfie-focused smartphones and software, beauty apps have become a more common occurrence on the Play Store in general, and it would seem as though these apps were hoping to capitalize on that market growth.
In total, 29 apps were found to be exhibiting one or more of the behaviors described above, which further highlights that this was not simply a case of one or two rogue apps but much more of a concerted effort to directly attack a specific set of users.
Again, the apps have since been removed from the Play Store by Google, although this serves as a reminder to evaluate apps thoroughly before downloading. The report, which lists all of the apps by name, advises that one of the best ways to do this is to read the reviews, as they can act as an indicator of the true nature of the app.
While this might not always be a viable or foolproof method, in this case a number of the apps did come with reviews that tried to warn the user that the app was not what it seemed.