Google Play faces cat and mouse game with sneaky Android malware

Hackers constantly try to slip malware into the Google Play store, and they succeed

What’s the best way to avoid Android malware? Downloading all your apps from the Google Play store -- where software is vetted -- is perhaps the best advice.

But that doesn’t mean Google Play is perfect.

Security researchers do find new Android malware lurking on Google’s official app store. That’s because hackers are coming up with sneaky ways to infiltrate the platform, despite the vetting processes that protect it.

"Eventually, every wall can be breached," said Daniel Padon, a researcher at mobile security provider Check Point.

To be sure, most Android users will probably never encounter malware on the Google Play store. Last year, the amount of malicious software that reached the platform amounted to only 0.16 percent of all apps, according to a new report from Google.

That's contributed to relatively tiny malware infection rates across the 1.4 billion Android devices in use today.

But when a bad app does slip into the Play store, it can spread. Check Point has been among the security firms on the watch for new Android malware.

Earlier this year, it uncovered over 20 apps on the Google Play store that contained malicious coding designed to generate fraudulent ad revenue for its creators. The infected software was downloaded several million times.

Months before, Check Point found another malware strain that was embedded in dozens of different apps on the store. The malware was designed to enslave devices in a botnet and appeared to infect between 500,000 and 2 million devices.

Figure 1: Android malware called DressCode spread through dozens of apps on Google Play last year. (Image: Trend Micro)

So how does the malware get in? Every app that goes through Google Play is first scanned for any harmful behavior, which includes checking the coding and running it in a virtual environment.

But even so, malicious processes can be tricky to detect, Padon said. For instance, hackers will incorporate a "dropper" into a seemingly benign app. The dropper will act as a time-bomb, staying silent but downloading additional malware at a later time.

In other cases, hackers have been found hiding malicious coding by using encryption, surrounding it with meaningless commands, or designing the harmful processes to remain inactive when run on a virtual machine.

Padon said the internet giant could be doing more to vet apps. The problem, he claims, is that Google relies too much on automated testing to root out the problem.

"It might be the strongest behavioral analysis engine on the planet," Padon said. But testing each app on a real, human-operated device is still the best way to detect malware, he said.

Google didn’t comment on this story. However, its latest Android security report, published this week, does say: "no review process is perfect."

Each month, the Play store will add 40,000 or more apps, according to AppBrain. Managing that business while keeping the software malware-free is no easy task. Automated testing is the best bet to scan all those apps in a time-efficient way.

Nevertheless, the security of Android has often been compared to Apple’s iOS, and the result hasn’t always been favorable. Unlike iOS, which is under the control of Apple, the Android operating system is fragmented across numerous handset vendors, some of which struggle to keep the software securely patched.

That’s made Android, and the Google Play store, worthwhile targets for hackers.

"Since most users expect the apps in Google Play to be clean, they’re left vulnerable, making it easy for the malware to infect a massive number of users at once," said Rowland Yu, a researcher with security firm Sophos.

In the past two years, there have been more than two dozen malware strains found slipping into the Google Play store, according to his research. To popularize the malware, hackers will disguise it as games or as utility apps like energy savers, or drum up fake reviews for it.

Fortunately, when Google detects any malware, it will quickly pull the apps from the store, and sometimes ban the developers involved, Yu said. But he doesn’t see an end to this cat and mouse game. Like Padon, Yu points to machine testing.

"Google heavily relies on machines to test and review the safety and security of apps," he said. "Only a small number of suspicious apps are actually handed over for human review."

Figure: Install rates for potentially harmful applications and unwanted software on Android devices are higher when users download from third-party app stores, according to Google. (Image: Google)

However, even as malware occasionally slips by, Google is making progress at detecting it faster once it's downloaded, in part with a feature in Android devices called "Verify Apps." It scans the software on a phone to make sure the apps are behaving safely. If they aren't, the security feature can have the offending apps removed.

"Verify Apps conducted 750 million daily checks in 2016," Google’s security researchers said in a blog post. This helped the company reduce malicious app installation last year.

Andrew Blaich, a security researcher at mobile security firm Lookout, said the malware situation on Google Play isn’t the pandemic that can be found on some third-party Android app stores, which often do less vetting.

"The safest assurance you have to minimize your chance of malware on your Android device is to use the official Google Play store," he said.

Security researchers also advise users to always look at the user reviews for an app. Bad reviews can be a sign that the app is malicious in some way.


Michael Kan

IDG News Service