With the number of Android smartphone and app users increasing worldwide, the threat of users falling into a trap laid by hackers is also looming large. A study has revealed that 2,040 apps listed on Google Play are counterfeit and pose a serious threat to the privacy and personal data of millions of Android app users.
The study, conducted by the University of Sydney and CSIRO's Data61, ran for over 2 years and investigated more than 1 million Android apps. It found that a sizeable number of apps either request a suspicious number of permissions or are malware-laden.
A large number of apps don't contain any malware but were still found to be fake. Such apps obtain many permissions during installation or use to access personal data, but their functionality and features have nothing to do with those permissions. Many of the most popular gaming apps on Google Play are hackers' favourite targets for counterfeiting.
The researchers employed neural networks to identify such counterfeit Android apps listed on Google Play. Icons similar to, or descriptions partially plagiarised from, those of the top 10,000 apps on Google Play led the researchers to 49,698 potentially dangerous apps.
To investigate further, the researchers used VirusTotal, which flagged 7,246 apps as malicious. Surprisingly, 2,040 of those apps were found to be fake and quite dangerous for users. The level of risk can be understood from the fact that 1,565 of those apps request at least five highly sensitive permissions and 1,407 embed third-party ad libraries that pass on users' data.
Researchers have blamed Google’s app policies for such threats.
“While Google Play’s success is marked on its flexibility and customisable features that allow almost anyone to build an app, there have been a number of problematic apps that have slipped through the cracks and have bypassed automated vetting processes,” said study co-author Dr Suranga Seneviratne from the University of Sydney.
On the other hand, Google claims that its process for identifying malicious apps has become more stringent. Last year, the company successfully blocked a number of such apps before they were listed on the Google Play store. The number of rejected app submissions and app suspensions increased by 55% and 66% respectively in 2018.
Google has long faced criticism for hosting potentially dangerous Android apps. In 2013, another report, from Trend Micro, blamed Google Play for hosting 1 million malicious apps. Google promised to revisit its strategy then. However, in 2015, Google once again found itself in hot water when another report revealed that 24% of popular Android apps talk to harmful websites without the consent of users.
Since the release of the latest report, 35% of such counterfeit apps have disappeared from Google Play. It is, however, not clear whether Google's action was driven largely by the findings of the report or by complaints from Android users.