Google Play Store

Report: Play Store apps w/ 1.5 million installs ran hidden adware, slowed phones

Damien Wilde | Aug 30 2019 - 5:23 am PT

Researchers have found two Google Play Store apps that amassed a combined 1.5 million downloads over 12 months using a new form of hidden click fraud adware that would slow phones, increase overall data usage, and drain batteries.

“Idea Note: OCR Text Scanner, GTD, Color Notes” and “Beauty Fitness: daily workout, best HIIT coach” from developer Idea Master managed the impressive download figure over the course of a year completely undetected. It was only thanks to digging by Symantec that the nefarious click fraud and device infections were found (via ArsTechnica).

The two apps actually used legitimate packers — which help protect the intellectual property of Android apps. In the instance of these packers, they can change the entire structure flow of an .apk file. This made it difficult to detect the actual app behavior. It also explains why the apps managed to flow under the radar for a year without being detected.

When installed on a device, the app would send a notification using the notification drawer on the phone. Then once clicked, Toast is used to display a hidden view containing ads. Toast messages are used to show unobtrusive notifications, like when you adjust the volume.

The ads would “show” outside of the view of your screen, essentially running hidden in the background without your knowledge. The developers then set an automated ad-clicking process to generate ad revenue without the user even realizing. After discovering the practices, Symantec notified Google, who then pulled the offending sneaky adware apps from the Play Store.

This method is quite different from the recent report that found 85 apps on the Play Store forcing full-screen ads on phones. This insidious method seems far worse by comparison. It pays to be vigilant, even when installing apps from legitimate sources.

It hasn’t been a great week for Play Store security yet again, as earlier this week Kaspersky found that the immensely popular CamScanner app was pulled for allegedly spreading malware (via Android Police). It was reinstated after the devs removed the AdHub module which was found to be the culprit. To Google’s credit, they pulled the app quite rapidly after reports surfaced.