Google Play's new app checkers bypassed by aggressive adware apps

Lookout Mobile Security spots 12 versions of 'NotFunny' adware, downloaded 130,000 times

Aggressive adware is still finding its way on to Google's Play store, according to one security firm, despite claims by the software giant that it started using in-house experts to more reliably vet new apps some months ago.

Lookout Mobile Security said it noticed 13 examples of adware and malware-like apps on Play in recent weeks which vary in their severity. It's still hard to fathom why a user would want to download any of them given their documented behaviour, or why Google didn't detect and block them.

In 12 cases the offender was something called 'NotFunny' which poses as a variety of apps including Facebook and other utility widgets to attract interest before hiding its icon from anyone who installs it.

The motivation is to push ads at the user that can't easily be stopped. This particular app nuisance was being pushed from several developer accounts that might or might not be connected to one another.

A second and rarer example was 'HideIcon', which poses as a card game and then, as its name suggests, hides its icons from the user as a ploy to push more ads. Not only does it have no embedded terms of service - a serious no-no - but it was apparently removed from Play by Google several times before sneaking back on, Lookout said.

According to the firm, various incarnations of NotFunny had been downloaded at least 130,000 times globally and possibly up to 500,000 times. HideIcon was much lower at only 1,000 to 5,000.

On Tuesday, Google confirmed that it has in recent months been using staff to manually check apps before they appear on the site in an attempt to clamp down on rogue apps. Previously it had been using automatic systems to do the same job but this proved fallible.

"This new process involves a team of experts who are responsible for identifying violations of our developer policies earlier in the app lifecycle," said Google on its Develop blog.

Reaction to the news was mixed. "While Google's announcement is welcome, this is not the end of the issue because of the rise in popularity of third party Android app stores," commented Roy Tobin, a threat researcher with security firm Webroot.

"Unlike iOS, where apps can only be downloaded from the iTunes store, Android devices allow third party stores where there are even fewer security processes in place."

In fairness to Google, the apps mentioned by Lookout are mild compared to the rogue apps that regularly found their way on to Google when the store started life. Google's vetting has improved dramatically in a matter of a couple of years although some still question the intrusiveness of many legitimate apps.

Google also said it would introduce an age-rating system whose labelling would depend on local classifications - since 2009 the UK has used Pan European Game Information (PEGI) ratings that divide all software and games into age categories 3 years, 7 years, 12 years, 16 years and 18 years.

"To help maintain your apps' availability on Google Play, sign in to the Developer Console and complete the new rating questionnaire for each of your apps. Apps without a completed rating questionnaire will be marked as "Unrated" and may be blocked in certain territories or for specific users," said Google.

From May, developers who don't fill in this rating form for each app will not be able to post it on the site.

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place