We all have used an Android smartphone once in a lifetime as it has a history of being cost-effective, easy to manage, filled with multiple features. The Android device runs on Google Play which is the official Android app market filled with thousands of apps. Google PlayStore is considered to be the biggest app store, but multiple reports of malicious apps have been reported and found in the Play Store.
Google found malware filled apps on Play Store which were downloaded hundreds of times. But before Google took action, the apps were downloaded by hundreds and may have affected devices as well. Imagine the security tool VPN available on the Play Store supposed to protect online privacy is involved in fetching user data.
VPNs That Pose a Threat To Privacy
A report claims that more than 85% of the free VPNs available on the Google Play Store have found to be indulged in privacy issues. 150 of the popular free VPN apps available on the Google Play request excessive permissions. A Virtual Private Network (VPN) is mostly used to protect online security, but the free apps are doing a lot more than that.
Google has been working to block unwanted apps that ask for excessive permissions, but the problem exists. These apps include third-party advertising libraries which is a greater risk for VPN users. This along with a DNS leak issue surfaces on the VPN which is a security flaw. It occurs when a VPN leaks DNS and allows the DNS requests to be made directly to the ISP DNS server.
The VPN will keep the data encrypted but the leak exposes users browsing the history, and third-party DNS server may see it.
What is in Google’s Knowledge?
We believe Google is doing nothing regarding the matter while malicious apps keep flooding the Play Store. Google hasn’t been the fastest to block and remove these apps, but continuous efforts are in place to remove malicious apps. Being an open source platform is a great aspect of the Android Play Store, but it is prone to viruses and loopholes.
Operating systems have always found themselves in a tight spot dealing with malware, bugs, and viruses over time and it gets easier to exploit known faults in older versions as soon as a new version is patched. Google introduced a feature called Project Treble that addresses this security threat and is working to find a fix.
With time, Android has shaped the way their operating system works, and with each upgrade, they removed bugs and flaws. After the release of the ‘Android Oreo,’ Google has given its users more control over tackling permissions and has further cracked down on ‘SMS and Call Log permissions’ restricting their use ONLY when it is allowed and permitted by the user.
A report from security firm Trend Micro found that 29 camera and photo sharing apps in the Play Store were involved in unwanted activities such as injecting full-screen pop-up ads that have fraudulent content (pornography) when unlocking their devices.
From those apps, some of them redirected users to malicious phishing sites that attempted to steal sensitive personal information by tricking the user into believing they won a prize. Another bunch of apps pretended to be beauty apps which were a disguise to steal images uploaded on the app. Instead of receiving an edited image after uploading it on the app, the app uploaded the image on its servers and users received a message claiming they have to make an update.
The app is built in a way that prevents people from discovering its malicious activities including compression archives (packers) which make it challenging to analyze and the remote servers that were twice-encoded with a code (BASE64). The last option for the user remains to uninstall the app.
How Can Users Avoid Malicious Apps?
The best and foremost method would be to not install the app, but that seems impossible as you can never find out which app asks for excessive information until unless you download the app. Ever wondered why a Flashlight apps would want to know your location and access your camera? It seems bizarre and out of the question.
We would suggest to read the reader reviews in the app and make sure you go through the negative comments to have a clear picture. However, these reviews are manipulated by the users, and you will fall to its trap.
It is better to make use of those apps that are in-built in your Android device rather than looking for different apps. This doesn’t apply on iOS devices as the apps are approved after extensive analyses of the app by iOS. We do urge and look forward to seeing Google making drastic changes in eliminating these apps as they pose a threat to users and the operating system itself.