Android malware apps with over 1 million downloads slip past Google Play defenses – twice!

“Researchers recently found at least 50 apps in the official Google Play market that made charges for fee-based services without the knowledge or permission of users,” Dan Goodin reports for Ars Technica. “The apps were downloaded as many as 4.2 million times. Google quickly removed the apps after the researchers reported them, but within days, apps from the same malicious family were back and infected more than 5,000 devices.”

“The apps, all from a family of malware that security firm Check Point calls ExpensiveWall, surreptitiously uploaded phone numbers, locations, and unique hardware identifiers to attacker-controlled servers,” Goodin reports. “The apps then used the phone numbers to sign up unwitting users to premium services and to send fraudulent premium text messages, a move that caused users to be billed. Check Point researchers didn’t know how much revenue was generated by the apps. Google Play showed the apps had from 1 million to 4.2 million downloads.”

“Even after Google removed the apps from Play, many phones will remain infected until users explicitly uninstall the malicious titles, Check Point researchers told Ars,” Goodin reports. “Google has long said that a security feature known as Play Protect, previously called Verify Apps, will automatically remove malicious apps from affected phones. Many phones, however, are never disinfected, either because users have turned off the default feature or are using an old version of Android that doesn’t support it, Check Point researchers told Ars.”

Read more in the full article here.

MacDailyNews Take: “Defenses.” We use that term very loosely when referring to Google’s efforts to safeguard their hapless settlers.

Carrying an Android phone is the same as wearing this:

I'm with stupid

How to upgrade from Android to a real Apple iPhone – August 21, 2017
Video: Apple CEO Tim Cook speaks at Cisco Live, blasts Android’s shoddy security – June 26, 2017
Security expert: There are several reasons why Apple iPhones are more secure than Android phones – May 31, 2017
Russian hacker gang robbed Russian banks with over one million hacked Android phones – May 22, 2017
36 widely-used Android devices ship with malware preinstalled – March 14, 2017
The cost of free: More than one million Google Android devices hit by malware – November 30, 2016
Secret backdoor in U.S. Android phones sent location, text, contact data to China – November 15, 2016
Google’s Android platform has a serious flaw – August 23, 2016
Poor man’s iPhone: Android on the decline – February 26, 2015
Study: iPhone users are smarter and richer than those who settle for Android phones – January 22, 2015
Why Android users can’t have the nicest things – January 5, 2015
iPhone users earn significantly more than those who settle for Android phones – October 8, 2014
Yet more proof that Android is for poor people – June 27, 2014
More proof that Android is for poor people – May 13, 2014
Android users poorer, shorter, unhealthier, less educated, far less charitable than Apple iPhone users – November 13, 2013
IDC data shows two thirds of Android’s 81% smartphone share are cheap junk phones – November 13, 2013
CIRP: Apple iPhone users are younger, richer, and better educated than those who settle for Samsung knockoff phones – August 19, 2013

[Thanks to MacDailyNews Reader “anaknipedro” for the heads up.]


      1. You have trouble with facts. One can indeed set up such a store without additional impediment. You need no company’s permission to do it.

        If I were to wear that shirt the arrow can just as well apply to “I’m” and if I were standing next to you, “with stupid” will apply.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.