Google's Play Store is the "official" official app store for Android devices. The 'lesser' officials stores do exist.
Android is a flexible ecosystem, and allows developers to have more control of their apps, allowing users to really customize their phones, and give manufacturers a way to have their own official app store. And here, among the many manufacturers of Android phones, Samsung is included.
Dubbed the Samsung Galaxy Store, the marketplace comes pre-installed on Samsung smartphones.
While the store is an official app store, it was found that it is a comfortable home for a number of sketchy apps.
According to Android Police, several clones of the now-defunct Showbox movie streaming app were hosted on the Galaxy Store, and that could be potentially dangerous.
While these apps may not be harmful on their own, the apps came equipped with the technology needed to download and execute malware.
The issue came to light Max Weinbach from Android Police discovered that at least five of the Showbox clones were possibly malicious after Google's Play Protect showed warnings upon their installation.
I gave Huawei shit for this, gonna do it to Samsung too.
Samsung is hosting literal malware on the Galaxy Store. Google's anti-virus protection software, built into Play Services, stops the install.
I've found at least 5 of these apps in a row on the Galaxy Store. pic.twitter.com/LiiDJtGwmb— Max Weinbach (@MaxWinebach) December 27, 2021
Through an analysis done through the online virus and malware checker, it was discovered that the cloned apps were indeed malicious.
First, some of the apps required extensive permissions, and even required users to grant them access to call contacts, call logs, and the telephone. Second, the online analysis also showed a dozen of low-grade alerts from security vendors ranging from "riskware" to adware.
Then there is the fact that makes it worrisome.
And that is Showbox having a reputation for being a pirate tool, and cannot be found on Google's Play Store.
In order to be more certain, Weinbach reached out to Android security analyst linuxct for more detailed information regarding these vulnerabilities.
In a subsequent investigation, it was revealed that ad tech in the app is capable of doing dynamic code execution.
What this means, the apps could indeed download and run codes other than what came shipped with it, which could include malware code.
While there are very few legitimate use cases for this functionality, linuxct said that it could be "weaponized easily. "
"So at any moment it may become a trojan/malware, hence it's unsafe and thus why so many vendors flagged it in VT/Play Protect," explained linuxct .
Samsung has been running the Galaxy Store for years on its mobile devices alongside Play Store.
Based on the finding, it's suggested that Samsung should do better.
At this time, the Samsung Galaxy Store doesn't track install counts. But for what it's worth, they have received hundreds of reviews, including several mentioning the malware warnings.
It should be noted though, that Google Play Store is also far from safe.
As the official app store that is operated by Google, the store has long been riddled with lists of malware-ridden apps.
Google has numerous protections and filtering mechanisms, and also a dedicated team to scout malicious apps. But still, malicious developers seem to be cleverer, as they managed to have their apps listed on the app store, and claim victims before they are banned.
Regulating what apps are being posted on the app store is not an easy task and that became even more evident following this case.
Read: Google Play Store Is Android's Biggest Security Problem, Research Found