Researchers from the University of Sydney and independent Australian federal government agency CSIRO’s Data61 have discovered 2,040 malware-laden counterfeit apps on Google Play Store. The team said that they spent two years investigating more than a million apps available on the Android app store. The researchers also found that some fake apps were malware-free but requested “dangerous” data access permissions. Games like Temple Run, Free Flow and Hill Climb Racing were among the most commonly counterfeited popular games.
The researchers used neural networks to identify apps whose icons were visually similar to, or whose text descriptions were partially plagiarised from, those of the top 10,000 most popular apps on the Play Store. The technology shortlisted 49,608 potential counterfeits – that is, approximately five counterfeits per app. These apps were then checked for malware infections using the private API of online malware analysis tool VirusTotal. The tool flagged 7,246 apps, of which the researchers shortlisted 2,040 high-risk fake apps on the basis of their ‘relaxed threshold’.
As mentioned, the team also took into account the apps’ permission requests and embedded ad libraries. They found that 1,565 apps asked for at least five dangerous permissions, and 1,407 had at least five embedded third-party ad libraries.
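The permission criterion above can be reproduced as a triage check on a single app; the following is an added example, not code from the study. It assumes the manifest has already been decoded to text XML (for instance with apktool), that the `DANGEROUS` set matches Android's documented "dangerous" protection level from that period (the study's own list is not given here), and it uses a constructed sample manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."
# Assumption: permissions with protection level "dangerous" in the Android
# documentation (Android 6-8 era); the study's own list is not on the page.
DANGEROUS = {PREFIX + p for p in """
READ_CALENDAR WRITE_CALENDAR CAMERA READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS
ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION RECORD_AUDIO READ_PHONE_STATE
CALL_PHONE READ_CALL_LOG WRITE_CALL_LOG ADD_VOICEMAIL USE_SIP
PROCESS_OUTGOING_CALLS BODY_SENSORS SEND_SMS RECEIVE_SMS READ_SMS
RECEIVE_WAP_PUSH RECEIVE_MMS READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE
""".split()}
THRESHOLD = 5  # "at least five dangerous permissions", as in the article

def dangerous_permissions(manifest_xml):
    """Return the sorted, de-duplicated dangerous permissions a manifest requests."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for el in root.iter():
        # uses-permission-sdk-23 requests a permission only on Android 6.0+
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = (el.get(ANDROID_NS + "name") or "").strip()
            if name in DANGEROUS:
                requested.add(name)
    return sorted(requested)

def needs_review(manifest_xml):
    """True when the app meets the article's five-permission criterion."""
    return len(dangerous_permissions(manifest_xml)) >= THRESHOLD

# Constructed sample manifest (decoded text XML); not a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.runnergame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.CAMERA"/>
  <application android:label="Runner"/>
</manifest>"""

if __name__ == "__main__":
    found = dangerous_permissions(SAMPLE_MANIFEST)
    print(len(found), "dangerous permissions:", ", ".join(found))
    print("needs review:", needs_review(SAMPLE_MANIFEST))
```

A high count is a prompt for manual review rather than proof of malice, since legitimate apps can also need several of these permissions.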
“While Google Play’s success is marked on its flexibility and customisable features that allow almost anyone to build an app, there have been a number of problematic apps that have slipped through the cracks and have bypassed automated vetting processes. Our society is increasingly reliant on smartphone technology so it’s important that we build solutions to quickly detect and contain malicious apps before affecting a wider population of smartphone users,” study co-author Dr Suranga Seneviratne, from the University of Sydney, was quoted as saying.
Google, for its part, is taking measures to remove malicious, counterfeit apps from the Play Store. According to the company, the number of rejected app submissions increased by more than 55 percent in 2018, and app suspensions swelled by more than 66 percent. “These increases can be attributed to our continued efforts to tighten policies to reduce the number of harmful apps on the Play Store, as well as our investments in automated protections and human review processes that play critical roles in identifying and enforcing on bad apps,” Andrew Ahn, Google Play Product Manager, said in a blog post in February.