Official Android app stores offer people the software they seek while generating the impression of guaranteed security. While the impression turns out accurate most of the time, the exceptions should keep us on our toes.
Downloading an app from the official store seems like the safest thing you can do on your phone. Security issues are not among the main concerns in this situation. The worst that could happen is that the app doesn’t start or it works poorly on a particular device. Or at least that’s what goes through the mind of a regular user.
The truth is, though, that security is much more complicated than people realize. It’s not a zero-sum game. A grey area sits in the middle, and cybercriminals attempt to walk it daily. Most malicious apps won’t make it into the store, but if attackers hide their intentions well, some apps could fall through the cracks.
From annoying to dangerous
Downright dangerous apps don’t make it into official stores, or at least very rarely. Attackers know to refrain from pushing apps that might trigger security checks, so they usually settle for less intrusive software that might even provide a minimum of functionality.
In the latest campaign identified by Bitdefender on the Google Play Store, more than 30 apps were found to behave strangely and deploy a form of aggressive adware. The developers promised apps such as wallpaper collections, for example, but immediately after installation, the app would change its name and icon to something like Settings. The idea is that victims install the app, it appears not to work, and they can’t find it to delete it.
Of course, the app could be deleted just like any other, but you must know where to look. Once the app was installed, attackers would begin to serve aggressive ads on top of other legitimate apps. While showing ads and mimicking taps on ads for revenue can be categorized as annoying, the potential for much more harm was there.
The ads served by the malware come from a third-party framework controlled by the attackers. Instead of an ad, victims could easily get redirected to more dangerous malware, like a banking trojan.
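The rename-to-Settings behaviour described above can be checked for from the defender's side. The following is an added example, not code from Bitdefender or from the original article: it audits an app inventory for user-installed apps that carry a system-style label or changed their label after installation. The inventory format (as an MDM or device-inventory export might provide), the package names and the label list other than "Settings" are assumptions.

```python
import unicodedata

# Labels a user expects only from preinstalled components. "Settings" is the
# example the article gives; the others are assumptions for illustration.
SYSTEM_LABELS = {"settings", "system update", "google play services"}

def normalize(label):
    """Fold case, compatibility forms and whitespace so padded or fullwidth text still matches."""
    folded = unicodedata.normalize("NFKC", label).casefold()
    return " ".join(folded.split())

def audit(inventory):
    """Return {package: [reasons]} for user-installed apps matching the described behaviour."""
    findings = {}
    for app in inventory:
        if app["system"]:
            continue  # genuine preinstalled components may use these labels
        reasons = []
        if normalize(app["label_now"]) in SYSTEM_LABELS:
            reasons.append("user-installed app uses a system label")
        if normalize(app["label_at_install"]) != normalize(app["label_now"]):
            reasons.append("label changed after install")
        if reasons:
            findings[app["package"]] = reasons
    return findings

# Constructed sample inventory (package names are invented).
SAMPLE = [
    {"package": "com.android.settings", "system": True,
     "label_at_install": "Settings", "label_now": "Settings"},
    {"package": "com.example.wallpapers", "system": False,
     "label_at_install": "HD Wallpapers", "label_now": "Settings "},
    {"package": "com.example.notes", "system": False,
     "label_at_install": "Notes", "label_now": "Notes"},
    {"package": "com.example.renamed", "system": False,
     "label_at_install": "Photo Edit", "label_now": "Photo Editor"},
]

if __name__ == "__main__":
    for pkg, reasons in audit(SAMPLE).items():
        print(pkg, "->", "; ".join(reasons))
```

A label change alone is a weak signal, since legitimate apps rebrand; the combination of both reasons on one package is what matches the campaign's pattern.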
It gets worse than just ads
Potentially unwanted applications (PUAs), like the ones spotted by Bitdefender, could become a bigger problem. Sometimes, criminals upload downright malware, as happened in December 2021. Numerous Showbox clones infected the Samsung Galaxy Store. The original app itself could not have been in an official store since its primary use is to provide pirated multimedia content. While the clones didn’t have any malicious code, they could act as droppers and download other types of malware.
Similar behaviors have been observed in the past for Google Play. For example, during the height of the Flubot and Teabot malware waves, in January 2022, Bitdefender found a few apps in the official Google Store that would act as droppers for the infamous banking trojans.
Security above everything else
Assuming that the official app stores offer sufficient security for downloaded apps is a mistake. As users, we must be aware that online threats come from all sides, and dismissing official stores as a source of malware can have dire consequences.
Time and time again, criminals show us that we need a layer of extra protection that can detect new threats, such as Bitdefender Mobile Security, which scans everything people install. Moreover, new technologies let the security solution detect malicious behavior and look at what apps do after installation.