Be careful on Google Play
An often-repeated piece of advice given to users of mobile devices says that they should stick to well-reputed, official app stores if they want to avoid malware.
But while the chance of downloading malware from Google Play might be lower than the chance of doing the same through third-party Android app markets, it’s still easy to get saddled with iffy and outright malicious apps even if you only ever use Google’s official app store.
Google does check whether the submitted apps show malicious behavior by testing them with Bouncer, an automated app scanning service that analyzes apps by running them on Google’s cloud infrastructure and simulating how they will run on an Android device.
Bouncer surely prevents most malware from ending up in the store, but definitely not all, as malware peddlers are constantly finding new ways to fool this scanning service.
Why, just in the last few days, we were informed about these malicious apps discovered on Google Play:
- A modified version of the Charger mobile ransomware masquerading as a flashlight app
- The BankBot credential stealer embedded in video apps
- The DressCode backdoor found in 200 unique Android apps, ranging from style guides and books for children to Doodle applications
- Spyware posing as an Android system update app
That last example, in particular, shows the need for better education and decision-making on the users’ part, but also for better protections by Google.
Consider this: the app has been available on Google Play since 2014 and has been downloaded by over half a million users, despite the many user reviews saying that the app does not work.
But if you want to know why user education can only help so much, you don’t have to go further than one of the many negative reviews it garnered: “Hate it i didn’t believe the people who said it was bad but i hope you listen because its the worst…”
Obviously, NOTHING can stop some people from doing the wrong thing, except the removal of the possibility of doing the wrong thing – and Google should work on that.
The unfortunate reality is that most users don’t know enough about the technology they use to keep themselves safe, and aren’t interested in learning or simply don’t know where to start.