Google Play hosted 205 harmful apps with over 32M installs last month alone

Google Play hosted 205 harmful apps with over 32M installs last month alone

It seems Google is losing the battle against sketchy Android software big time. The company hosted over 205 harmful apps on the Play store in July only. The kicker: these apps were downloaded over 32 million times in total in the past month alone.

The bulk of the suspicious software – 188 to be exact – contained hidden ads, accounting for 19.2 million installs. The rest of the offenders fell under the categories of subscription scam, ad fraud, stalkerware, fake apps, fake antivirus tools, adware droppers, and software with built-in backdoors, according to data compiled by ESET malware researcher Lukas Stefanko.

Interestingly, while there were only three subscription scam apps, they made up a third of all downloads with 12 million installs.

Credit: Lukas Stefanko / Twitter
Data compiled by ESET malware researcher Lukas Stefanko.

While hidden ads might not sound so bad, Stefanko clarifies this is a particularly aggressive breed of adware. “Upon launch, these apps hide their icons from the home screen,” the researcher told TNW. “They have mostly no functionality, other than displaying fullscreen ads to the user.”

Stefanko reviews malicious activity on the Play store monthly. “All these apps and numbers are based on research, blogs, reports, and tweets published in July, 2019 by the infosec community,” he explained.

We contacted Google, but no spokespeople were available for comment at the time of publishing. We’ll update this piece accordingly if we hear back.

Trouble in Google Play

This is hardly the first time the Big G has struggled to curb the spread of harmful apps on its official mobile software distribution platform.

A few weeks back, a study by the University of Sydney and the Commonwealth and Scientific Industry Research Organisation concluded the Play store is riddled with suspicious apps.

We were able to find 2,040 potential counterfeits that contain malware in a set of 49,608 apps that showed high similarity to one of the top-10,000 popular apps in Google Play store,” the researchers noted. “We also [found] 1,565 potential counterfeits asking for at least five additional dangerous permissions than the original app and 1,407 potential counterfeits having at least five extra third-party advertisement libraries.”

Although the Mountain View behemoth removed over 700,000 harmful apps last year as part of its antivirus efforts with Play Protect, malware continues to slip through the cracks.

Back in 2017, antivirus testing firm AV-TEST reported that Google’s own Play Protect detected only about 66 percent of suspicious apps in real-world trials.

What makes this trend particularly dangerous is that Android users are often advised not to download apps from third-party sources to avoid malware. Unfortunately, it seems sticking to the Play store isn’t always safe either.

Read next: We have some questions about Microsoft's 'Mac Book' advert