On Monday, a report from Jessie Huang with Trend Micro revealed that up to 182 mobile apps were responsible for pushing adware to millions of users via the Google Play store and various third-party Android stores. According to the Trend Micro report, out of the 182 mobile apps discovered, eight had been downloaded more than 9 million times by unsuspecting Android users before finally being removed by Google.
Once downloaded the adware apps cleverly operated normally for up to 30 minutes before the full-screen ads started. The full-screen advertisements could not be immediately closed, essentially hijacking your smartphone. Trend Micro stated that the 30-minute delay was increased in later versions of the apps by up to 24 hours, and also added further functionality to the malicious adware apps via communication with an exterior server for control and command.
The delay in activating the hidden adware portion on these deceptive apps served two purposes, the first giving them the ability to get legitimate reviews by actual users. Some of the deceptive apps got high ratings using this method, which in turn caused more users to trust that these apps were safe to download.
The second benefit in delaying advertisement activation on the apps was related to security tools, and the adware’s ability to evade detection by simply acting and looking like a real and normally functioning app.
Some of these apps also had the ability to hide their icon from the user, literally hiding in plain sight thus making removing them that much more difficult.
The intrusive ads once activated on the user’s smartphone, would appear when the device was unlocked, taking up the entire screen. These ads were coded to appear sometimes every five minutes, but always at regular and persistent intervals. Adding to the user’s frustration you couldn’t unwatch them or skip the ads either unless of course, you knew to look for the above mentioned hidden adware app with a hidden icon.
Across Google Play and other third-party stores, Trend Micro found 111 of these apps, yet only 43 seemed to be unique while the rest were duplications.
The problem with apps like these is that they diminish the Android user experience. While the adware apps here are mostly harmless, they represent only a fraction of the adware still out there, not including the truly nasty malware still hidden, but they are all still incredibly intrusive. Users have a reasonable expectation of privacy and security and unfortunately, when these apps are allowed to operate and propagate on the Google Play store and other third-party stores, the trust between the Android community and Google can be tested. While Google sometimes seems slow to stop deceptive apps like these, you have to remember there are millions of apps to monitor but they do seem to be trying. They have to.
It seems like every month a new type of malware pops up, discovered to be riddled with malicious code, and while these particular adware apps seem benign as they only show ads, it could be a lot worse and has been. The battle against deceptive adware may never be won but luckily Google, Trend Micro, and other companies tirelessly look for these malicious apps to safeguard us.