Google’s Android is facing a tough battle against malware apps, and there seems to be no end in sight.
According to new research, Google’s Play Store is riddled with thousands of possible malware-ridden counterfeit apps and games.
The two year study, conducted by researchers from the University of Sydney and Commonwealth Scientific and Industrial Research Organisation’s (CSIRO) Data61, analyzed more than a million Android apps on the platform. They found an alarming number that impersonated legitimate apps and games.
“We were able to find 2,040 potential counterfeits that contain malware in a set of 49,608 apps that showed high similarity to one of the top-10,000 popular apps in Google Play Store,” the study noted. “We also [found] 1,565 potential counterfeits asking for at least five additional dangerous permissions than the original app and 1,407 potential counterfeits having at least five extra third-party advertisement libraries.”
Games Temple Run, Free Flow, and Hill Climb Racing were among the most commonly counterfeited.
To carry out the study, researchers designed a convolutional neural net to identify similarity in app icons, thereby proving that unsuspecting users can be fooled into downloading a fake app that has a similar image style and iconography.
After discovering a million apps by crawling the Play Store, they downloaded the APK files and grouped them by app category and visual similarity shared by the apps. They also took into account plagiarised text descriptions of the top 10,000 most popular apps in the Play Store. The ‘multi-modal embedding’ machine learning model found 49,608 potential counterfeits.
The identified apps were then checked for malware using the private API of VirusTotal, an online malware analysis tool that was acquired by Google in 2012. The company has since been spun-off into a full-fledged cybersecurity sister company under Alphabet called Chronicle in 2018.
The paper also took into account the permissions requested by these apps and third-party ad libraries that come with them, but noted that around 35 percent of the apps are no longer available in the Play Store “potentially removed due to customer complaints.”
It has also tightened its polices and as a result, the number of rejected app submissions increased by more than 55 percent, and app suspensions increased by more than 66 percent, the company noted.
“Keeping the Android ecosystem secure is no easy task, but we firmly believe that Google Play Protect is an important security layer that’s used to protect users devices and their data while maintaining the freedom, diversity and openness that makes Android, well, Android,” Google acknowledged earlier this year.
But problematic apps have continued to bypass the security barrier several times before.
Back in April, the internet giant sprung into action after a series of Buzzfeed investigations found popular Android apps with millions of downloads to be running hidden video banner ads and engaging in ad fraud.
Complicating the matter is the open nature of Android, which makes it relatively easy for copycat apps to escape detection, thus leaving users at risk.
The fact that the research was conducted on what should be one of the most legitimate app stores is a cause for concern. If you are an Android device owner, make sure you verify it is indeed the app you’re looking for by checking out ratings and reviews. Most importantly, always check the permissions on the app‘s page and confirm they’re not asking for far more than they need to function.