The Google Play Store is full of malicious Android applications that have even been downloaded by the millions and Google is to blame for not having enough filtered these applications. These fragmented applications commit advertising fraud by taking advantage of user permissions. These applications collected user data and sent it to China without informing users. Most of these applications are developed by the DU group among other companies, as revealed by Buzzfeed.
The way Google controls these apps is highlighted since these malicious Android apps engage in large scale fraud and data collection from users. Six of the applications created by DU have a total of 90 million downloads. These applications require too much unnecessary and invasive permissions and some of them are not needed to work, such as a flashlight app and a Samsung TV app that can record your conversations to using the microphone of your device. These applications collect user information and send it to China without encryption.
The developers have exploited the Google Play Store by hiding who they really are. Google should do more to protect its users from these malicious Android apps – these apps obscure users by not listing their direct connection to DU Group. Most of these applications generate and collect user data in the background, violating the privacy of its users. This data could be used by government agencies or malicious third parties.
Selfie camera, AIO flashlight, Omni cleaner, Total Cleaner, Smart Cooler, Samsung TV remote control, Emoji flashlight, WaWaYaYa app and RAM Master
The selfie camera app has been downloaded more than 50 million times, got a rating of 4.5 stars and ten thousand critics in the Google Play store. She was one of the most popular apps in the UK, which made her so legitimate.
It was found that these malicious Android apps had malicious code that allowed them to generate fake clicks to generate fraudulent revenue in the background when the app was not open, thus draining the battery and your data packets while committing other privacy breaches.
These malicious Android apps also contained fake advertisements and undisclosed features such as performance enhancing features that simply ruin the operation of your phone. Most of these features are not explained in the description of the application on the Google Play Store, which increases the vulnerability of the user because they could be used as backdoors during attacks Trojans to spread malware.
Overly authorized applications
Most of these malicious Android applications require too many permissions that are not needed for the application to work, such as the AIO Flashlight application that requires almost 31 permissions. This emoji flashlight app with 5 million downloads on the Google Play Store requires up to 30 permissions. These two apps have claimed more than 7 permissions in the "dangerous" category defined by Android and include location data, access to phone sensors or personal contact information.
The Samsung remote TV application designed by Peel Technologies has requested more than 58 authorizations, including 23 in the danger zone. When using the application, it collects behavioral data, a device, an IP address and your location. It's more strange that they are already registered with Samsung to have the TV application and others preinstalled on the smartphones of the technology giant. This had been frustrating for users since apps were randomly loading ads, ruining the user experience. Applications are not preinstalled, but a Samsung help page tells users how to disable the app.
What does Google do?
All of these apps have been blacklisted and removed from Google Play Store because they go against Google's policy. Google has published an article explaining the measures taken to prevent and act on developers who publish malicious Android apps on Play Store. The Internet search giant also announced that it would hire more people to evaluate apps on its app store.
How can I protect myself from downloading these malicious Android apps?
- Use reliable application stores
- Consider the opinions of the application
- Check the number of stars that the application has obtained
- Escape applications that are very excessively allowed
- Check if it's the real application
After the download
- Stay away from applications that require unnecessary additional permissions
- Remove apps that do not do what they're supposed to do
Read the steps here with a more detailed explanation on how to protect yourself from downloading these malicious Android apps.
Here is a list of security checkpoints to browse for your Android smartphone.
Here's how to prevent applications from sharing your location data.