The open nature of Google’s Android operating system means that the Play Store can sometimes be a dangerous place, with some less-than-honest app developers sneaking corrupt and malicious content into the app marketplace.
According to Android Authority, 13 popular apps have been banned by Google.
The method these apps used to boost their numbers on the Google Play Store is surprisingly simple. Each one seems normal on the surface, but they all secretly download other applications in the background, in the process artificially boosting their download numbers. Some of these apps even go so far as to automatically post positive reviews and ratings without the owner’s knowledge.
Some of the apps on the list also attempt to gain root access to a person’s device, allowing them to remain installed even after a factory reset. Google has reportedly run into this issue in the past, but in previous instances the malware infected apps weren’t discovered on the official Google Play Store, and were instead located in third-party Android marketplaces.
Lookout Security, the security researcher that uncovered the malware infected apps, says that there isn’t a simple solution to remove the infected apps from your Android device, especially if the app in question has already gained root access. In some cases removal requires the installation of a Root Explorer app, forcing the user to manually find the infected files and remove them manually. Reflashing to a manufacturer ROM will also reportedly solve the issue.
“The explanation for the apps’ high ratings and hundreds-of-thousands of downloads is the malware itself. First off, some of the apps are fully-functioning games. Some are highly rated because they are fun to play. Mischievously, though, the apps are capable of using compromised devices to download and positively review other malicious apps in the Play store by the same authors. This helps increase the download figures in the Play Store. Specifically, it attempts to detect if a device is rooted, and if so, copies several files to the /system partition in an effort to ensure persistence, even after a complete factory reset. This behavior is very similar to several other malware families we’ve seen recently, specifically Shedun, ShiftyBug, and Shuanet,” writes lookout researcher Chris Dehghanpoor in a recent blog post.
Honeycomb, one of the 13 apps called, has reportedly been downloaded approximately a million times before Google removed its from the Play Store.
Find a list of the infected apps below: