Malicious Google Android apps seem to be hitting the Play Store increasing rapidly at the moment–or at least, reports of them are. This was the thinking behind ESET security researcher Lukas Stefanko’s report detailing the harmful apps on Google Play that hit the news in September.
The results are far from pretty: Stefanko’s analysis shows that 172 harmful apps with over 335 million installs were found on Google’s Play Store, according to various news reports written during the month. Of course, the installs would have taken place over a longer period than just the month of September.
In August, I reported that a dangerous spyware app had hit the Play Store twice. It came after Trend Micro researchers reported adware containing apps had been downloaded 8 million times.
Meanwhile, among reports in September, Forbes contributor Zak Doffman wrote how two apps with over 500 million downloads were revealed to contain dangerous adware.
And Adware was the top attack vector, with 48 apps that had over 300 million installs in total. Subscription scams were another area of concern, with 15 apps found and 20 million installs. That was followed by apps containing hidden ads, with 14.5 million installs across 57 apps.
Google Play: Out of control?
So, is the number of malicious apps increasing, or are security researchers and as a result, journalists reporting them more? It is difficult to say but one thing is clear: Many people, including Android users, are worried that the Google Play Store is getting out of control.
This data highlights the problem that Google faces, says security researcher Sean Wright. “Unfortunately, this issue only seems to be getting worse. It would be interesting to see if Google has any plan in place to try tackle the problem.”
With multiple players involved in the Android ecosystem, coupled with Google’s less than stringent app store policies–at least compared to Apple–it’s really down to users to assess what’s safe and what’s not.
It’s certainly not ideal, but there are some best practices you can follow. As well as ensuring your operating system is as up to date as possible, you should use anti-virus and read app reviews.
Wright advises: “Only install apps that you are going to use. Pay close attention to details such as required permissions. If you are installing a flashlight app and it is asking for permissions to read your contacts, this should serve as an immediate red flag.”
Follow me on Twitter.
I’m a freelance cybersecurity journalist with over a decade’s experience reporting on the issues impacting users, businesses and the public sector. My interests within cybersecurity include critical national infrastructure, cyber warfare, application security and data misuse. I’m a keen advocate for women in security and strive to raise awareness of the gender imbalance through my writing.