Adware hiding in Android Apps

Adware Apps Hiding on Android’s Google Play Store

When you go to download an app from the Google Play Store on your Android device, you likely aren’t thinking about the possibility of getting unwanted ads. However, adware in Android apps is a more common problem than you may think at first. Be careful and take precautions to protect your Android phone or tablet.

What Is Adware?

Strictly speaking, it is any form of software that generates revenue through serving ads. This is a common practice among mobile app developers. In fact, it is accepted and supported by Google.

However, typically the term is primarily applied to software that serves ads maliciously. This may be forms of advertising that aren’t allowed for apps on the Google Play Store. For example, some of these apps serve interstitial, full-screen or notification ads. It may also be software that causes ads to display unexpectedly.

As well, the term is often applied to apps that display ads and are designed to be usually difficult to remove. In short, adware apps on Android tend to be those that are primarily focused on serving unwanted ads but that masquerade as another type of app, then are difficult to remove after they have been installed.

Some of these Android apps monitor your device’s locked state. When you unlock the device, it plays a full screen ad. Others force your browser to redirect to advertising webpages whenever you try to navigate to any URL. All these behaviors are disruptive and may even compromise your personal information. There is no doubt that these apps are a potential danger to Android users.

What Apps Could Be Adware?

Although Google has a review process in place for all apps submitted to the Google Play Store, a number of adware apps have been discovered by third-party researchers. For example, Trend Micro recently discovered 85 game, remote-control and TV apps that contained unwanted ad-generating code.

One of these apps, Easy Universal TV Remote, has been downloaded over 5 million times. The app appears to offer users easy control of their TV through the Android app. However, according to reviews of the app, it doesn’t work as a universal remote. In fact, it hides its icon, so it is nearly impossible to find, let alone remove. It then runs in the background and serves unwanted ads to the device’s user.

Other researchers have found similar examples. These include simple games, utility apps and more. Most of these apps are either poorly made or don’t work at all. However, the one thing they do well is install adware onto the device.

Interestingly, many of the researchers who have discovered these issues in Android apps have found similar code between different cases. Although the apps are often distributed with different developer accounts and are signed with different keys, they appear to be based on a few sets of almost identical code:

  • HideIcon: This adware hides the icon of the app, then pushes aggressive ads to the user. These typically interrupt other user experiences. Due to the hidden icon, these apps can be very challenging to remove for most users.
  • NotFunny: This type first appears as an innocuous app. It then prompts the user to download what appears to be a Facebook app. This second component asks for access to personal information and other permissions. It also hides the icon of the app once installed.

How Does Google Handle Adware in Android Apps?

Google does take measures to avoid malicious apps on its store. Android security measures against the problem include automatic scanning of the APK files uploaded to the app store, human review and functionality that lets users flag apps as being inappropriate.

However, Google has famously made the process of publishing an app relatively easy. Developers who wish to distribute their apps through the Google Play Store need only pay a small fee and set up a page. The entire process can be completed in a matter of hours. Entities trying to distribute malware can potentially automate much of this process, making it simple for them to create multiple accounts.

Furthermore, although Bouncer, Google’s anti-malware system, is reasonably effective at detecting compromised apps, dedicated developers have found ways around it. For example, some distribute apps that open a URL, and this webpage then automatically downloads the compromised payload. During review, the developers keep the webpage clean and innocuous, then update it after the app has been approved.

Researchers have repeatedly found batches of adware in Android apps. In 2018, four high-profile discoveries were made in a three-month stretch. To Google’s credit, after verifying the reports, it promptly removed the affected apps. Nonetheless, the frequency of these discoveries suggests that the prevention methods need an update.

What Can You Do To Avoid Compromised Apps?

This may leave you wondering how you can protect yourself against compromised apps. Notably, nearly all of the adware in Android apps has been found in relatively low-effort applications. They were downloads such as ringtone, wallpaper and flashlight apps. Android features most of these functions natively, so you can skip the downloads anyway.

Additionally, the apps tended to have reviews that suggested there was a problem. While it is rare for reviews to out the apps directly, many included complaints of poor functionality, hidden icons or difficulty uninstalling. However, don’t trust the review score aggregate. Many of the developers trying to spread these apps intentionally inflated their review scores. The universal remote app had a score of 3.9 when it was discovered by the Trend Micro team. Read the specifics of some reviews.

Lastly, try to stay up-to-date with Android security news. Being mindful and keeping yourself informed can help you to avoid a large percentage of problematic Android apps.

Stay Informed

If you want to know more about adware in Android apps as well as news about malware and viruses in general, Super Source GmbH is the source for you. Sign up to receive regular updates on research, news and resources that can help you stay protected. When you know what is out there, you can do more to protect yourself in today’s digital world.