Google has removed two malicious apps with a combined total of over 1.5 million downloads after they were caught serving adware.
The apps in question — Sun Pro Beauty Camera and Funny Sweet Beauty Selfie Camera — were also found to have “more advanced functionality than your average adware,” according to researchers at Wandera.
Intrusive out-of-app ads are more of an annoyance than a critical threat, but can also cause battery drain and infect devices with malware.
The two apps included requests for more permissions than usual, allowing them to record audio without users’ consent and serve full-screen ads even without opening them.
According to the researchers, the apps’ functionality is awfully similar to a number of photography and gaming apps uncovered by Trend Micro in August, which displayed ads that were difficult to close and employed “unique techniques to evade detection through user behavior and time-based triggers.”
The report comes close on the heels of a similar research last week which found four VPN apps that were found to be bombarding devices with fraudulent ads, even when they were running in the background.
Google’s app storefront has come under criticism in recent months for its failure to rein in malware-laced apps, which have been installed by millions of users wihout realizing their insidious nature.
Although Google Play Protect has “detected and removed malicious developers faster,” it seems powerless against what appears to be a steady pattern of potentially harmful apps bypassing its security checkpoint, highlighting the scope of the problem.
As always, the same rules of security hygiene apply: stick to the Play Store for downloading apps and avoid sideloading from other sources, and most importantly, scrutinize every permission an app requires before installation.