According to TrendMicro, Google Play and two other top third-party app stores are hosting a combined 1,730 malicious apps as of the first week of this month. As December winds to a close, it’s estimated that tens of thousands would have downloaded them.
In scale, thousands of potential victims out of a pool of tens of millions is small change. But given that Google has taken such pains to attempt to eliminate malware from their marketplace, the fact they are hosting 500 malicious titles is concerning. Then again, the argument that those 500 are included in millions and the odds of downloading them are low is also valid.
“Though app providers have implemented certain regulations to mitigate the ruckus of malicious or high-risk apps, we are still noticing that these apps are being peddled on popular third party app providers. Some were even downloaded more than 100,000 times. During December 5th- December 10th, we found that a total of 1,730 can still be downloaded from Google Play and two other third party app providers we’ve observed,” Trend Micro’s Symphony Luo wrote in a recent blog post.
Of the malicious titles available, most are fake applications, which tend to display annoying pop-up adverts and harvest personal information. Other types of malware discovered included the apps that download additional malicious software, known as GAPPUSIN. They too are responsible for information theft.
“The selling point of the Android platform is the freedom it gives to users to download apps from different app providers. Users have the option to install apps from whichever sites they prefer. This freedom, however, has been leveraged repeatedly by malicious developers and cybercriminals who want to take a bite of the Android craze,” Luo added.
“With the way things are going, it may take a while before we see a decrease in malicious Android apps. As the platform is poised to overshadow its competitors, we can even expect an increase in this threat... What does this mean for Android users? In a nutshell, they remain targets of shady developers and criminals who are bent on taking advantage of the platform. Thus, one can never be too careful in downloading apps, even from Google Play.”