Google Play Store Has Thousands Of Data-Stealing Counterfeit Apps, Researchers Said

13/05/2019

Google’s Android powers most smartphones in the market. But the popular operating system is facing a tough battle when it comes to dealing against malware apps.

According to a research from the University of Sydney and Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Data61, Google’s Play Store is filled with thousands of possible malware-ridden counterfeit apps and games.

To come into this conclusion, the researchers have analyzed more than a million Android apps on the platform for two years, using a convolutional neural network (a class of deep neural networks most commonly applied to analyzing visual imagery) to identify similarity in app icons.

Icons are the first thing that people see, unsuspecting users can be fooled into downloading a fake app that has a similar image style and iconography to their legitimate counterparts.

After discovering a million apps by crawling the Play Store, the researchers downloaded the APK files, to then group them by app category and visual similarities shared by the apps. The researchers also took into account plagiarized text descriptions of the top 10,000 most popular apps in the Play Store.

The identified apps were then checked for malware using the private API of VirusTotal, an online malware analysis tool that was acquired by Google in 2012, before being spun-off into a full-fledged cybersecurity sister company called Chronicle in 2018.

Play Store - BuzzFeed
Image: BuzzFeed News

According to the study:

"We were able to find 2,040 potential counterfeits that contain malware in a set of 49,608 apps that showed high similarity to one of the top-10,000 popular apps in Google Play Store."

"We also [found] 1,565 potential counterfeits asking for at least five additional dangerous permissions than the original app and 1,407 potential counterfeits having at least five extra third-party advertisement libraries."

The researchers also took into the permissions these apps requested, as well as third-party ad libraries that come with them. Here, they noted that around 35 percent of the apps are no longer available in the Play Store “potentially removed due to customer complaints.”

Games like Temple Run, Free Flow, and Hill Climb Racing were among the most commonly counterfeited.

Google has been leveraging numerous ways, including Google Play Protect, to secure its Android ecosystem from potentially harmful apps.

The company has also tightened its policies, which resulted in an increase of rejected app submission by more than 55 percent. App suspension have increased by more than 66 percent, according to Google.

But still, the move is seen insufficient.

With the huge number of developers creating a multitude of apps and games, and also due to the open nature of Android, it's difficult for Google to police them all. As a result, it makes it relatively easy for malicious developers to escape detection and to slip in copycat apps that leave users at risk.

"Keeping the Android ecosystem secure is no easy task, but we firmly believe that Google Play Protect is an important security layer that’s used to protect users devices and their data while maintaining the freedom, diversity and openness that makes Android, well, Android," said Google earlier this 2019.

Previously, Google Play Store had a developer with more than half a billion app downloads committing ad fraud and violating other Google policies.