The apps went out of their way to disguise their malicious nature. They'd use multiple compression archives (aka packers) to prevent analysis, and layer on thick encryption for their remote servers. Users would also have trouble removing them, to boot. They'd hide from the standard app ilst (you couldn't just drag them out to delete them), and would make sure they weren't linked to the ads.

This wouldn't be as much of an issue if it weren't that the apps were popular before Google removed them. All told, 11 of the apps had been downloaded over 100,000 times, and three of those over a million times -- that's a lot of victims. Unless Google can find a way to catch these apps sooner, it may be up to users to keep an eye out for suspicious apps.