The secrets of malware success in the Google Play Store and why Google can’t stop it.

Google’s Android platform has become a larger target for mobile malware writers than Apple iOS. This could be a result of Android’s popularity—with more than 1 million activations per day, Android smartphones command a 59% market share worldwide. However, the relative vulnerability of Android vs. iOS comes down to the level of control the vendors have over products and the marketplace for development and distribution of apps.

Mobile malware writers know the best way to infect as many devices as possible is to attack central application markets. The cybercriminals plant applications that include hidden (obfuscated) malicious functionality in an attempt to avoid detection included in the vendor’s application vetting process (e.g., Google Bouncer).

In 2011 alone, Google removed more than 100 malicious applications from its app store. Google discovered 50 applications infected by a single piece of malware known as Droid Dream, which had the capability to compromise personal data. However, Google hasn’t always acted in a timely manner to prevent infections. Users downloaded one harmful app more than 260,000 times before the company removed it from the app market.

Security researchers have discovered a strain of Android malware that keeps finding its way onto Google Play – despite the store supposedly being scrubbed clean of infiltrated apps.

The software nasty – Android.Spy.277.origin – is hidden in more than 100 applications on Google Play. Sketchy programs harboring the malware masquerade as legitimate popular games and the like, but they come with a secret backdoor.

Once the infected app is installed, the attacker can remotely download a malicious APK called “” to the device. After the victim is tricked into allowing the code to be installed, the Android device sends a wide array of information about the hardware to command and control servers, plus the user’s email address and location.

Hackers make money from the malicious app through ad click fraud and by pushing mobile scareware. Users are induced into installing fraudulent apps by saying the device has battery issues that can be solved by downloading utilities which, in reality, have little or no use.

Even after Google removed samples of the dodgy software from Google Play, Check Point’s Mobile Threat Prevention research team found an additional app, called Street Stick Battle, containing the same malicious payload. The rogue app has notched up between one million and five million downloads.

The incident provides further evidence that users can’t strictly trust official app stores to stay protected. Malware can infiltrate these stores on multiple instances even after initial detection.

When it comes to Android malware, we have three primary tips:

  • Install patches for your device as soon as they are available. (Sadly, for some devices, that’s rarely or never.)
  • Use a product such as an Antivirus and Security to keep an eye out for malware, dodgy websites, adware and other potentially unwanted apps.
  • Turn off Allow installation of apps from unknown sources in the Android security settings if you can.

The last option means that you lock your phone voluntarily to the Google Play Store, in much the same way that iPhones and Windows Phones are locked, like it or not, to their respective app stores.

The Google Play app market has a barrier to entry that includes numerous automated app vetting procedures that help to keep out ripped-off, risky, or downright criminally-minded apps.

Google Play starts showing apps’ actual download sizes

So, given that the Play Store has an official gatekeeper, operated by Google itself, you may wonder why we also urge you to run a third-party anti-virus tool, and to go out of your way to grab patches as soon as you can.

The problem is easily explained: about 50,000 new apps are admitted to Google Play each month, with just under 2,000,000 apps in there altogether.

At that rate – more than one new app each minute – there isn’t a whole lot of time for scrutiny and due diligence, whether by human, or computer, or both.

Mistakes happen, to the point that during 2015, malware samples from more than 10 different families made it past Google’s checks and were installed more than 10,000,000 times.

Apple’s walled garden App Store—where applications are fully vetted before being made available to customers—has prevented widespread malware infection of iOS users. As a centralized point of distribution, the App Store provides users with confidence that the apps they download have been tested and validated by Apple.

Evidence of malicious malware showing up in the App Store is anecdotal at best, as Apple does not typically volunteer such information. However, it’s safe to assume that since Apple does not make APIs available to developers, the iOS operating system has fewer vulnerabilities.

However, iOS isn’t 100% invulnerable either but its more secure than an Android (not by a large margin).

2 thoughts on “The secrets of malware success in the Google Play Store and why Google can’t stop it.

Add yours

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Powered by

Up ↑