Google's fight against malicious apps tainting its Play Store is far from over, but the internet search leader isn't giving up so easily. After repeated attempts from malicious apps to infiltrate Google's open ecosystem, which has been criticised for approving apps without properly vetting them, Google is cracking down on some apps that are proving to be a disaster for its billions of users.
Joining Google's continued efforts to purge malicious apps from its Play Store, the latest attempt successfully removed 29 such apps from the Android marketplace. But the move comes a bit too late as millions of users had already downloaded these apps categorised as "Beauty Camera" apps on their phones, exposing them to malicious ads and data theft.
Trend Micro found these 29 malicious Android apps Google recently removed from its Play Store and pointed out the nefarious activities on users' phones. The report revealed that some apps would show full-page ads for pornographic or fraudulent content every time a device is unlocked with no way to link them back to these apps. Users would be puzzled as to where these ads appear from.
But other apps went a step further to invade the privacy of users by stealing their personal information such as email address or phone number by offering them a reward of a prize on a phishing website. When Trend Micro investigated the authenticity of one pornographic ad, offering users a paid adult video player, they found it was merely a scam to make quick cash.
Since the now-defunct malicious apps were tagged under beauty camera, it is natural people who downloaded them would use the apps to apply some sort of filters and edits to the image they clicked. Unlike an authentic photo app, some of these malicious apps would send the user's photo to a private server and display a fake message asking to update the app. According to the report, these stolen photos could be used for malicious activities such as social media photos on fake accounts.
Trend Micro found these malicious apps were downloaded more than 4 million times, but only three apps, namely Pro Camera Beauty, Cartoon Art Photo and Emoji Camera, accounted for more than 3 million downloads, which is quite concerning. The report pointed out that the majority of downloads came from Asia, especially in India. Once downloaded, users found it impossible to get rid of the apps from the phones as they would be hidden from a user's app list on the phone.
Not the first, certainly not the last
This isn't the first incident where Google has gone ahead and removed dozens of malicious apps from its Play Store. Recently, the web search giant took down 85 Android apps disguised as games, universal TV remote app and other forms of utility applications.
While Google's Play Store is not as secure as Apple App Store, which has a stringent verification process before an app appears for download on iPhones and iPads, it is not 100 percent secure. Last month, 14 retro iOS games on Apple App Store were identified with notorious Golduck malware links and removed shortly after.
Since users rely on apps for almost everything, hackers will continue to use this to their advantage. In the end, it falls on the laps of hosts like Google and Apple to send through authentic apps instead of malicious ones. Even if some apps breach the security protocols by these app stores, users must practice caution by validating the developer of apps, checking user reviews and permissions before downloading an app. Sometimes a free app can cause more damage.