Google Play Store reportedly failed to detect 29 malicious apps that had over 10 million collective downloads

It’s not easy managing the Google Play Store, as thousands of apps are uploaded to the platform every day for approval and review. As per Statista, over 6,140 mobile apps were released every day through the Google Play Store between Q3 2016 and Q1 2018, and the numbers have most likely gone up even more since then. Even though these numbers are high, that doesn’t mean that the Google Play team can skimp on observing tighter control over uploaded apps and their behaviour, since Apple manages to do the same just fine. Quick Heal Security Labs has now reported 29 malicious apps on the Google Play Store that collectively sported over 10 million downloads.

Twenty-four of the 29 apps are HiddAd apps, which install a shortcut on the home screen and hide their app icons after first boot so that users have trouble uninstalling them. When the shortcut is launched, these apps display intrusive full-screen ads, and some of them can do the same even when not running in the foreground. So, if your phone was showing pop-up ads out of the blue, one of these apps might be to blame. As per the report, most of the reported apps were classified under the ‘Photography’ category.

The remaining five apps were adware that would sneak onto an Android device via absurd advertisements run on social media sites like YouTube, Facebook and others. Associate Security Researcher at Quick Heal, Digvijay Mane, notes, “Many a time, these promoted mobile applications boast about a lot of unbelievable functionalities like X-Ray scanning. We came across a few advertisements of some interesting Android Apps which claim to offer functionality of X-ray scanning. When we explored the App further, we found out that two such apps have crossed 1 million + downloads already.”

While Google removed these malicious apps from the Play Store once they were reported, it raises the question of how they flew under the company’s radar for such a long time. Quick Heal also notes that users duped by these apps left scathing reviews, but it seems like even that wasn’t enough to draw Google’s attention.

While we might sound harsh, it should be noted that this is not the first time such a case has been highlighted. In June this year, researchers from the University of Sydney and independent Australian federal government agency CSIRO’s Data61 came across 2040 malware-laden counterfeit apps on the Google Play Store. While Google used a machine-learning-backed anti-spam system back in December 2019 to delete dubious reviews and thousands of shady apps from the Play Store, it seems like its efforts to keep the Play Store free of malware-laden apps have again dwindled.

Image Credits: Quick Heal