Sophos Discovers 15 Icon-Hiding Adware Apps On Play Store


British security company Sophos has discovered 15 adware apps on the Google Play Store. These sneaky apps were found to be generating frequent, large, and intrusive ads. They were also capable of hiding their app icons in the launcher, making it difficult for users to find and remove them.

The 15 malicious Android apps as reported by Sophos are Flash on Calls & Messages, Read QR Code, Image Magic, Generate Elves, Savexpense, QR Artifact, Find your Phone, Scavenger Speed, Auto Cut Out Pro, Background Cut Out (developed by Richard Media Studio), Photo Background, ImageProcessing, Background Cut Out (developed by Haltermore), Auto Cut Out and Auto Cut Out 2019.

adware apps android google play sophos


Most of these apps are utility apps and Sophos says over 1.3 million devices worldwide have installed at least one of them. And while Google has now taken down these malicious apps from the Play Store, some users might still have them installed. No, not because they're liking these adware apps, but because they just couldn't find them on their phone.

No icons, misleading name

According to Sophos, these apps use creative techniques to bury themselves on your device. Firstly, they don't show up in the launcher's app tray. They hide their icon automatically a while after you install the app, misleading you into thinking that the installation may have failed.

A few of them, meanwhile, might appear in the app tray at first but disappear after you launch it for the first time. "When first launched, the app displays a message that says 'This app is incompatible with your device!' You might think that the app has crashed, because, after this 'crash,' the app opens the Play Store and navigates to the page for Google Maps, to mislead you into thinking that the ubiquitous Maps app is the cause of the problem. It is not. This is a ruse," Sophos said in a blog post.


Some of these apps go a step further to disguise themselves in the phone's settings as well. While they show up with their original name in the running app window, they use deceptive application icons and names in the phone's Apps settings page to make it more difficult for users to detect them.

Most of these names and icons are chosen to plausibly resemble an innocuous system app, such as Back Up, Update, Time Zone Service, and even Google Play Store. By doing so, these apps easily convince the user into believing that there's nothing malicious installed on the phone.

adware apps android google play sophos 2


If you're countering frequent intrusive ads on your phone, you might want to thoroughly look at every app's details. Remember, most of the system apps cannot be uninstalled, while these malicious apps are easily uninstallable.

Avoid installing apps from unknown sources

To avoid such harmful apps, it's always best to install apps from recognized and popular developers and official sources only. It's also a good practice to read through the user reviews before installing. Most of these recently discovered adware apps had negative reviews in the Play Store.