When Google Removed 36 Fake Security Apps from Google Play…
It was over three months ago that Google removed 36 fake security apps from Google Play. This happened after these apps were flagged by Trend Micro researchers…
These apps posed as legitimate security solutions and actually performed the tasks they claimed to be capable of (scanning, cleaning and so on), but at the same time they harvested user data. Lorin Wu, Mobile Threats Analyst at Trend Micro, has authored a blog on this issue. The blog says: “In early December 2017, we found a total of 36 apps on Google Play that executed unwanted behavior. These apps posed as useful security tools under the names Security Defender, Security Keeper, Smart Security, Advanced Boost, and more. They also advertised a variety of capabilities: scanning, cleaning junk, saving battery, cooling the CPU, locking apps, as well as message security, WiFi security, and so on…The apps were actually able to perform these simple tasks, but they also secretly harvested user data, tracked user location, and aggressively pushed advertisements.”
Trend Micro researchers notified Google of these fake apps and Google immediately removed them from Google Play.
After their first launch, the fake apps do not appear in the device launcher’s list of applications, and their shortcuts do not appear on the device screen either. Users see only the notifications sent by the app, which are mostly alarmist security warnings and pop-up windows. The Trend Micro researchers did some manual inspection and found that this hiding behavior was conditional: the ‘hide’ function of the malware was designed explicitly so that it doesn’t run on specific devices.
The Trend Micro blog explains this: “The excluded devices are: Google Nexus 6P, Xiaomi MI 4LTE, ZTE N958St and LGE LG-H525n. It is possible the malware developers knew that this tactic would not work on these devices, or they wanted to avoid being checked by Google Play during inspection periods. Once the app is running, the user will be bombarded with “security” notifications and other messages from the malware. After checking the original code, we found that most detection results from the notifications are false. For example, if the user installs another app, then it will immediately be reported as suspicious. Or the user will be sent notifications like “10.0 GB files are being wasted,” which will prompt some kind of action.” The blog further adds: “But the data shown in these messages are fake — they are just used to add a layer of legitimacy to the app.”
The notifications that these apps send are made to seem believable. A user might get a notification about some issue that needs to be resolved. Once the user clicks the resolve button, the app gives the impression that the issue has been resolved. The user therefore has no reason to suspect the app, which in the meantime collects personal data, including location details, and sends it to a remote server.
Along with these notifications, various advertisements appear. When the user clicks on them, that also leads to the covert collection of personal information, including details about the user, the device, the operating system, the location, the apps installed on the device and so on.
Since users are asked to sign an agreement, it might seem that the data collection is not a breach of privacy, but the Trend Micro research team points out that this is not the case. The Trend Micro blog says: “Users are actually asked to sign and agree to a EULA (end-user license agreement) which describes the information that will be gathered and used by the app. But we can still say that the app abuses privacy because the collection and transmission of personal data is unrelated to the functionality of the app.”
The blog also details what kind of private data these fake apps collect: “The apps can also collect private data like the Android ID, Mac address, IMSI (which identifies the network operator the user is subscribed to), information about the OS, brand and model of the device, device specifics (like dots per inch and screen size), language, location information (from the city the device is in to the longitude and latitude), and data on installed apps like Google Play and Facebook. The app also notes what permissions are granted or not, specifically, usage stats, accessibility, and read notification bar.”
Google did take action and the fake apps were all removed. Still, it’s worth discussing the measures that help secure devices and protect valuable data. The first thing to keep in mind is to always use the latest version of any application or software. The second concerns downloading apps: they should be downloaded only from trusted sources. It’s also advisable to use all available privacy settings, on all apps and sites. Similarly, it’s always good to ensure that installed apps have access only to the features they need. Users should also consider multilayered mobile security solutions that protect against online threats, malicious applications, and data breaches.
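As an added illustration (not code from this article or from the Trend Micro blog), the Python example below turns the behaviors described above into a triage check: an app that hides from the launcher yet keeps sending notifications, reaches for data unrelated to its stated function, and holds usage-stats, accessibility or notification access. The inventory format, the category map, the threshold and the `com.example.*` package names are assumptions constructed for the example; the `android.permission.*` strings are standard Android permission names.

```python
# Data categories behind standard Android permissions.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_PHONE_STATE": "phone/subscriber identifiers",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi state",
}
# Hypothetical policy: data categories each kind of app plausibly needs.
EXPECTED = {"navigation": {"location"}, "security_tool": set(), "utility": set()}
SPECIAL_ACCESS = {"usage_stats", "accessibility", "notification_listener"}

def audit(app):
    """Return the list of reasons an app deserves a closer look."""
    reasons = []
    if not app["launcher_icon"] and app["posts_notifications"]:
        reasons.append("hidden from launcher but posts notifications")
    requested = {SENSITIVE[p] for p in app["permissions"] if p in SENSITIVE}
    unrelated = sorted(requested - EXPECTED.get(app["category"], set()))
    if unrelated:
        reasons.append("data access unrelated to stated function: " + ", ".join(unrelated))
    special = sorted(SPECIAL_ACCESS & set(app["special_access"]))
    if special:
        reasons.append("special access granted: " + ", ".join(special))
    return reasons

def flag(inventory, threshold=2):
    """Map package name -> reasons for apps with at least `threshold` reasons."""
    flagged = {}
    for app in inventory:
        reasons = audit(app)
        if len(reasons) >= threshold:
            flagged[app["package"]] = reasons
    return flagged

# Constructed sample inventory (e.g. as exported by a device-management tool).
INVENTORY = [
    {"package": "com.example.fakecleaner", "category": "security_tool",
     "launcher_icon": False, "posts_notifications": True,
     "permissions": ["android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.READ_PHONE_STATE"],
     "special_access": ["usage_stats", "notification_listener"]},
    {"package": "com.example.maps", "category": "navigation",
     "launcher_icon": True, "posts_notifications": True,
     "permissions": ["android.permission.ACCESS_FINE_LOCATION"],
     "special_access": []},
    {"package": "com.example.flashlight", "category": "utility",
     "launcher_icon": True, "posts_notifications": False,
     "permissions": ["android.permission.READ_PHONE_STATE"],
     "special_access": []},
]

if __name__ == "__main__":
    for package, reasons in flag(INVENTORY).items():
        print(package, "->", "; ".join(reasons))
```

A single reason, such as the flashlight app's identifier access, stays below the threshold; it is the combination of signals that matches the pattern described above.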
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.