Google Play faces cat and mouse game with sneaky Android malware

Hackers constantly try to slip malware into the Google Play store, and they succeed

What’s the best way to avoid Android malware? Downloading all your apps from the Google Play store, where software is vetted, is perhaps the best advice.

But that doesn’t mean Google Play is perfect.

Security researchers do find new Android malware lurking on Google’s official app store. That’s because hackers are coming up with sneaky ways to infiltrate the platform, despite the vetting processes that protect it.

"Eventually, every wall can be breached," said Daniel Padon, a researcher at mobile security provider Check Point.

To be sure, most Android users will probably never encounter malware on the Google Play store. Last year, the amount of malicious software that reached the platform amounted to only 0.16 percent of all apps, according to a new report from Google.

That's contributed to relatively tiny malware infection rates across the 1.4 billion Android devices in use today.

But when a bad app does slip into the Play store, it can spread. Check Point has been among the security firms on the watch for new Android malware.

Earlier this year, it uncovered over 20 apps on the Google Play store that contained malicious coding designed to generate fraudulent ad revenue for its creators. The infected software was downloaded several million times.

Months before, Check Point found another malware strain that was embedded in dozens of different apps on the store. The malware was designed to enslave devices in a botnet and appeared to infect between 500,000 and 2 million devices.

Figure 1: Android malware called DressCode spread through dozens of apps on Google Play last year. (Image credit: Trend Micro)

So how does the malware get in? Every app that goes through Google Play is first scanned for any harmful behavior, which includes checking the coding and running it in a virtual environment.

But even so, malicious processes can be tricky to detect, Padon said. For instance, hackers will incorporate a "dropper" into a seemingly benign app. The dropper will act as a time-bomb, staying silent but downloading additional malware at a later time.

In other cases, hackers have been found hiding malicious coding by using encryption, surrounding it with meaningless commands, or designing the harmful processes to remain inactive when run on a virtual machine.

Padon said the internet giant could be doing more to vet apps. The problem, he claims, is that Google relies too much on automated testing to root out the problem.

"It might be the strongest behavioral analysis engine on the planet," Padon said. But testing each app on a real, human-operated device is still the best way to detect malware, he said.

Google didn’t comment on this story. However, its latest Android security report, published this week, does say: "no review process is perfect."

Each month, the Play store will add 40,000 or more apps, according to AppBrain. Managing that business while keeping the software malware-free is no easy task. Automated testing is the best bet to scan all those apps in a time-efficient way.

Nevertheless, the security of Android has often been compared to Apple’s iOS, and the result hasn’t always been favorable. Unlike iOS, which is under the control of Apple, the Android operating system is fragmented across numerous handset vendors, some of which struggle to keep the software securely patched.

That’s made Android, and the Google Play store, worthwhile targets for hackers.

"Since most users expect the apps in Google Play to be clean, they’re left vulnerable, making it easy for the malware to infect a massive number of users at once," said Rowland Yu, a researcher with security firm Sophos.

In the past two years, there have been more than two dozen malware strains found slipping into the Google Play store, according to his research. To popularize the malware, hackers will make it look like games or utility apps such as energy savers, or drum up fake reviews for it.

Fortunately, when Google detects any malware, it will quickly pull the apps from the store, and sometimes ban the developers involved, Yu said. But he doesn’t see an end to this cat and mouse game. Like Padon, Yu points to machine testing.

"Google heavily relies on machines to test and review the safety and security of apps," he said. "Only a small number of suspicious apps are actually handed over for human review."

Figure: Install rates for potentially harmful applications and unwanted software on Android devices are higher when users download from third-party app stores, according to Google. (Image credit: Google)

However, even as malware occasionally slips by, Google is making progress at detecting it faster once it's downloaded, in part with a feature in Android devices called "Verify Apps." It scans the software on a phone to make sure the apps are behaving safely. If they aren't, the security feature can have the offending apps removed.

"Verify Apps conducted 750 million daily checks in 2016," Google’s security researchers said in a blog post. This helped the company reduce malicious app installation last year.

Andrew Blaich, a security researcher at mobile security firm Lookout, said the malware situation on Google Play isn’t the pandemic that can be found on some third-party Android app stores, which often do less vetting.

"The safest assurance you have to minimize your chance of malware on your Android device is to use the official Google Play store," he said.

Security researchers also advise users to always look at the user reviews for an app. Bad reviews can be a sign that the app is malicious in some way.


Michael Kan

IDG News Service