Recently, a total of 36 Android apps were removed from the Google Play Store. These apps were found to be fake security apps that were only posing as security and performance boosting apps which only contained necessary code to make them look like a legitimate security app.
According to security experts, the applications removed contained code which makes the apps display fake security alerts, intrusive ads as well as gather users’ personal data without them knowing. The real functionality of these apps came light recently when a researcher from Trend Micro named Lorin Wu published a report with regards to these apps’ abusive traits.
Wu first spotted the fake Android Security apps way back in December and has already started working with Google to get rid of them from the Google Play Store. According to Wu, the apps are empty shells that displayed fake security alerts in the notifications area where it would open and show misleading animations that are meant to drive users into thinking that the app was doing its job and fixing some security issue or performance-related problem. All these fake alerts are merely a front as the apps were really downloading and showing intrusive ads whenever users click on the notifications. This makes it clear that the real purpose of the apps are not to fix security and performance issues of a device but to maximize their monetization opportunity by displaying intrusive ads before users realized that the apps are nothing but useful.
Aside from camouflaging the “app fixing” process through a make-believe animation, these fake Security apps also contained clues which made Wu certain that the apps are really up to no good from the beginning. One of the clues that made Wu come up to the conclusion is that the apps do not create any shortcut icons on users’ devices right after they’re installed so that users won’t be able to uninstall it easily.
Fortunately, these fake apps can’t start their malicious behavior on modern smartphones as these Android OS versions have improved security features that make it impossible for the fake apps to do their real intent.
Wu also stated that the source code of the fake Security apps contained some filters that prevent them from running on devices such as Xiaomi MI 4LTE, LGE LG-H525n, Google Nexus 6P and ZTE N958St.
In addition to its adware-like behavior, these apps also collected a number of sensitive information from the devices they were installed on. Such information includes the OS information, hardware specifications, information about other apps installed in the device, geolocation details and so much more. Even though some of the apps have a long-winded EULA agreement where the app developers disclosed their data collection activities, Wu said that gathering users’ information was not related to the apps’ functionality. This is also probably the reason why Google got involved and removed the fake Security apps from the Play Store. To make many users aware, Wu has published the list of all the 36 apps containing an adware-like behavior.