Skip to Content
Security & privacy

Malicious apps sneak back into Google Play

We often rely on official app sources like Google Play for Android and the Apple App Store for iPhones to protect us from malicious and fake apps. Official app stores have vetting systems in place that third-party stores don’t have. They are supposed to prevent unscrupulous developers from tricking unsuspecting users into installing shady apps.

Although app screening cuts down on the chances a malicious app makes it in, it doesn’t always work. Sometimes a sneaky developer finds a way to trick these systems into accepting a questionable app.

That’s exactly what’s happening now. Some malicious apps have made their way back into the Google Play Store.

What do you mean, back into Google Play?

Yep, that’s right. Researchers with Symantec recently discovered a new batch of malicious apps that were spreading an old version of malware that had previously been removed. Devious scammers!

The malware infects the victim’s gadget with adware. It was found hidden in the following types of apps: (Note: specific app names were not revealed)

  • app lockers
  • calculators
  • call recorders
  • emoji keyboard additions
  • space cleaners

According to Symantec, the apps in question use the same tricks to throw off victims. They include:

  • Time delayed – The apps wait for 4 hours before launching malicious activity.
  • Fraudulent use of Google Play logo – The apps also request admin privileges and go so far as to use the Google Play icon when requesting them to give the victim a false sense of security.
  • Hiding in the background – These apps have the power to change the launch icon and the “running apps” icon in system setting once installed. They do this while again using trusted Google Play icons to avoid suspicion.
  • Delivers ads for profit – Ads are pushed to the victim’s phone via Google Mobile Services. URLs are launched in web views, redirecting tons of “you won” scam pages to trick victims into clicking.

How to stay protected from malicious apps

In the never-ending battle against scammers, Google is asking Android users to follow these steps:

Google Play Protect

One way to stay protected is to opt into Google Play Protect. It is designed to work in the background, protecting users from malicious apps in real time. Click here to learn more about it and how to opt in.

Avoid third-party apps

Only download apps from the Google Play Store. Even though some malicious apps make it into the Play Store, it does have a more thorough screening process. This cuts down on the chances a malicious app makes it in. Third-party app stores don’t have these screening processes.

Keep unknown sources disabled

According to Android, it protects users from inadvertently downloading or installing “unknown apps,” or apps from sources other than Google Play. Android blocks such installs until the user opts into allowing the installation of apps from other sources. It’s disabled by default and we recommend keeping it this way.

Make sure your operating system is up to date

Make sure your gadget is updated with the most recent Android security update. You’ll get these security updates in regular operating system updates. It’s a great way to patch vulnerabilities.

Check the app’s developer

Verifying the name of the app developer is important. Copycat apps will have a different developer’s name than the actual one. Before downloading an app, do a Google search to find the original developer.

Pay attention to reviews

Most popular apps will have reviews by other users in the app store. You can sometimes find reviews by experts online. These are helpful at pointing out malicious or faulty apps. If you find a review warning the app is malicious, do NOT download it.

If you do think that your Android device has been infected with a virus, don’t worry, we’ve got you covered. Click here to find out how to detect and remove a virus on your Android gadget.

5 easy tips for better computer security

You’ve heard the horror stories about hackers stealing innocent people’s IDs, Social Security numbers and tax refunds. You’ve probably heard that hackers steal billions of dollars from people like you every year. It seems like a day doesn’t go by that a massive data breach spreads your personal information to the Dark Web and to who knows who. That’s why you need to know these easy tips for better computer security.

Click here for 5 simple steps to keep your personal information and financial records safe!

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days