Given the scale at which the Google Play Store operates, fake apps are an inevitability. So far, Google has done a decent job of keeping malicious apps out of the Play Store, but it is virtually impossible for them to get rid of each and every one of them. Today, a study has discovered over 2000 malware-laden counterfeit apps in the Android app store, Google Play.
The apps were discovered by researchers from the University of Sydney and CSIRO’s Data61 over the course of two years. The researchers investigated more than a million apps available on Google Play, discovering a huge number of apps that impersonated popular games and contained malware.
The most common tactic used was to use visually similar app icons and partially plagiarised text descriptions of popular Play Store apps such as Temple Run and Flow Free. The apps were then checked for malware using malware analysis tool VirusTotal. Of the 7246 tagged by the tool, the researchers 2040 apps were deemed high-risk, fake apps. Dr Suranga Seneviratne, co-author of the study had the following to say:
While Google Play’s success is marked on its flexibility and customizable features that allow almost anyone to build an app, there have been a number of problematic apps that have slipped through the cracks and have bypassed automated vetting processes. Our society is increasingly reliant on smartphone technology so it’s important that we build solutions to quickly detect and contain malicious apps before affecting a wider population of smartphone users
While imitation may be the best form of flattery, fakes are far from it. Over the years, shady developers have perfected the art of creating fakes of popular apps and very often, it is impossible to tell the fake from the original. The problem is further complicated when a fake doesn't break any rules and is different enough not to be classified as such. In 2017 Google took down more than a quarter of a million impersonating apps. It'll be a never-ending battle between Google and developers of such apps, given that just about anyone can publish an app to the Play Store relatively easily. The entire paper is available for download here.