Google Play Apps Laden With Ad Malware Were Downloaded By Millions Of Users

from ars technica

This week, Symantec Threat Intelligence’s May Ying Tee and Martin Zhang revealed that they had reported a group of 25 malicious Android applications available through the Google Play Store to Google. In total, the applications—which all share a similar code structure used to evade detection during security screening—had been downloaded more than 2.1 million times from the store.

The apps, which would conceal themselves on the home screen some time after installation and begin displaying on-screen advertisements even when the applications were closed, have been pulled from the store. But other applications using the same method to evade Google’s security screening of applications may remain.

Published under 22 different developer accounts, all of the apps had all been uploaded within the last five months. The similarity in coding across the apps, however, suggests that the developers “may be part of the same organizational group, or at the very least are using the same source code base,” May and Zhang wrote.

Most of the applications claimed to be either photo utilities or fashion-related. In one case, the app was a duplicate of another, legitimate “photo blur” application published under the same developer account name—with the legitimate version having been featured in the “top trending apps” category of Google Play’s Top Apps charts. “We believe that the developer deliberately creates a malicious copy of the trending app in the hope that users will download the malicious version,” May and Zhang concluded.

More here.

, , ,

19 Responses to Google Play Apps Laden With Ad Malware Were Downloaded By Millions Of Users

  1. Jackson Beltrandi October 3, 2019 at 4:21 pm #

    In today’s news, another reason not to get an Android. Not only is it that the camera provides fewer clear images, the texts are that ugly green color, but their programming can be easily infested with malware and viruses. The iPhone, unless jailbroken, is typically virus free. The operating system, iOS, does not let apps penetrate the same coding system as the Android does. Apple creates a restricted space for apps, so there is very little communication between applications and the operating system. Also, you can only download approved apps from the App Store, which means that viruses can’t just appear from web downloads or apps.
    Unfortunately, the Android store is the Google Play Store, which right of the bat does not sound great. As Professor Shannon has stated many times before, Google tracks our data and that information ends up where no one can trace it. To publish your own application on the Google Play Store, you simply have to set up the basics (language, graphics, settings) of your app and send it in for “testing.” This article highlights the weakness that Androids have, pretty much anything can get onto the device and cause it to get a virus or malware. On Google Support, there actually is no header that describes the testing an app must go through to get published. I think that is where the problem lies. The google Play Store is so concerned with getting people excited to publish an app, that there is actually little information on what restrictions there are to the apps or protection from malware. When comparing to the iPhone, the first header on their publishing website is to review the guidelines. In their guidelines, they mention their first sub header, safety. This section includes content, data security, software requirements, and hardware compatibility, among many others. The App Store has clear guidelines and requirements to upload an app so that no apps can attack the iOS operating system of that Apple device.
    The difference between how the Google Play Store and Apple Store operate is quite simple. Apple has strict guidelines for coding and software so that these applications can’t attack the operating system. On the Google Play Store, fun and advertising is more preferred than user safety. It was easy or the app developers to create malicious content by violating the Android’s app coding requirements

    • Christopher Bagnell October 11, 2019 at 7:35 pm #

      Every year there is a scam or virus that goes through the IOS and Android system interface. More so recently android has been getting these scam apps being published in the play store. For the most part, Google and Apple have been very good with keeping their firewalls up to date. But the hackers are always looking for new ways to get into their secure system and exploit it with advertisements and viruses. The apps were designed to look like common apps in the fashion and photo editing genre. Once they are downloaded, they don’t do anything until opened. Once opened, they send a signal to whoever created the app and it automatically starts with advertisements on the phone. These apps would then disappear from the app menu making users not know what is causing the problem. The malicious apps gave the creators a lot of money through ad revenue at the cost of the user’s device security. It is unfortunate that this is happening to the Android interface. They used to be far behind from competition such as Apple but now are competing at the same level as them. Small setbacks and bad news like this give the Android interface a bad sense that isn’t true. Places and software companies will always have people trying to break in physically or virtually. The only thing they can do to prevent it is to upgrade and routinely check their security.

  2. Caitlyn M October 3, 2019 at 6:20 pm #

    This was actually not the first time that I had heard about malicious software on the Google Play store. Earlier this week I received a warning from the Google Play Store that I had downloaded an app that was unsafe, and that it was attempting to attack my phone’s internal system. I thought that this must have been an error, given that the app in question I had installed over one year prior to the warning. But upon going to the app’s Google Play page, I saw that the developer had issued a statement claiming that the attack was coming from a third party that had managed to hack into their system through a bug in their software. Within hours they had found and removed the bug, and Google no longer flagged it as an unsafe app. However, I had already uninstalled the app when Google issued me the warning, and I have absolutely no plans of reinstalling it now that it’s safe.

    It’s a scary thing to think about hackers getting access to a safe app and causing it to become unsafe. But it’s also scary that they could create clone apps that appear just like the safe ones, so you would never guess that anything was wrong with them until after you have already installed it. I think that if an app I had just downloaded suddenly disappeared from the home screen, there’s a good possibility I may just forget about it. If that occurred, there’s no telling how long I would be spammed with ads that I didn’t know the true source of. Further still, there’s no telling how long it would take me to finally get rid of it. If it was gathering data on me and selling it to third parties, there’s a chance it could end up with months or even years worth of private data from my device. The possibility of that happening is enough to make me wary of downloading anything new off the app store for a long while.

    I think Google should be held accountable for this happening. Malicious apps should never be able to be downloaded from the Google Play store. Google should screen every app that developers attempt to put on the Google Play store so that consumers can be certain that every app that they download is safe. In addition, I think that Google should require app developers to be vigilant with the coding of their own apps so that way the bug in the app that I had previously downloaded would have been found and resolved before it was exploited by a third party.

  3. Joe Antonucci October 3, 2019 at 7:46 pm #

    It is becoming more and more obvious in cases such as this one that the big tech monopolies are not very adept when it comes to protecting the data and general privacy of its users. When it’s not clumsy errors such as this one, it’s outright malicious actions. Facebook is known to steal and sell the data of its users away, and Google amended its privacy policy back in 2012 to specifically allow for the “sharing” of the data of Google users across various platforms.

    Ignoring privacy, these companies place a great deal of emphasis on censorship. This is evident with the widespread use of shadowbans, outright bans/suspensions, “trending” or search result manipulation, and other similar tactics across their respective platforms.

    Based on the nature of this particular case, it seems that the people behind the malicious app were in the business of making money off the malware’s forced advertisements, but a loophole such as this one could have just as easily been exploited to steal the private information of the users who downloaded it. Could this have included contact information, text messages, and credit card numbers? We can only hope that we never find out, assuming this does not happen again after Google amends its anti-virus screening for applications uploaded to its stores.

    It is no surprise that this incident occurred on Androids, which undeniably seems to be the type of phone most susceptible to malware, compared to its adversaries at Apple. iPhones generally do not have any issues with malware, as the iOS operating system is harder to breach. Although this does not mean iPhones are not without privacy flaws, it’s a factor that consumers should be considering more and more: does this phone have good privacy barriers? The average Joe may not care much about this question, but does a high level business executive want to be using a phone that can easily be remotely hacked over WiFi or breached using an email virus of some kind? It is also worth noting that these schemes will get more elaborate, as we see in this case, and “normal people” will be affected.

    The final item of note here is that the malicious apps were not downloaded from a random website — they came directly from the Google store! Everyone understands that randomly downloading things online comes with a risk, as the entire Internet cannot be monitored to prevent the spread of viruses. The Google store, however, guarantees a degree of security to its users that apps found on the store are vetted and known not to contain malicious content. This episode should certainly function as a wake-up call to people to be more careful about what they download, even if it is found on a credible platform.

  4. Victoria Balka October 3, 2019 at 10:32 pm #

    These apps that were available for download from the Google Play Store, show a problem that is present in Google’s system. Since Google has let these 25 apps into the app store to be downloaded by 2.1 million people, it shows that Google does not have a fool proof way of checking that the apps in its store are not malicious. To stop this problem someone needs to shut down the code group or the code source base where these developers who are making these apps got their coding from. Since these apps are able to display ads on the phone’s screen without the app being opened, it shows that the app was made with the purpose of displaying as many ads as possible so the app can make a large profit off of ad revenue. With these apps copying the looks of other popular apps, it shows that the developers of the app did not have pure intentions while creating the app and were trying to gain downloads from naive people who think they are getting the popular app. With most of these apps being in popular app categories, it is easy for people to download them thinking that they are getting what they want, but instead they are getting a bunch of random ads even when the app is closed. This shows a major problem with app developers caring more about the profits they make instead of the service that they are providing to the people.
    I think that these apps are dangerous for the consumer and measures should be taken to prevent apps like this from being available in the app store. Since these apps would hide on the Android users home screen, they would get these mysterious random ads without knowing what app it came from and the ability to easily delete that app. One way that Google can help prevent apps like these from being on their app store in the future would be a trial period. Google can put these apps that seem suspicious on a phone and see of it eventually leads to random ads appearing without an app being in use. Another way Google can try to prevent this from being a problem with future apps would be looking at the apps code and seeing if it had any similarities to the codes that were on these 25 apps. If they found the code to be similar or that the app allowed for ads to appear without the app being open, Google would not allow these apps on its store. Google allowing these apps onto its app store show that Android phones are able to have malicious apps downloaded directly from Google.

  5. Alexander Nowik October 4, 2019 at 2:36 pm #

    One of the biggest criticisms you hear about Android phones is that they are reliant on Google. Whether they are Samsung or LG they use Google apps to perform their major functions. As such, it is a reasonable claim that Android phones are not very private, and as this article points out, not exactly safe either. I do think this article exaggerates the effect of these Apps however. 25 seems like a lot until you realize that there are 2.7 million apps on the Google Play store making them only 0.000009% of all Apps. Additionally with 15 billion downloads on the app store (2016), 2.1 million is only 0.00014% of all downloads. Another aspect of this would be that apps can only reach the top pages once they reach a certain threshold of downloads, so it’s unlikely that all 2.1 million were organic downloads. In the end does Google have to figure out ways of protecting their users, yes. People who click on suspicious website on Google might be to blame themselves, but their is an expectation of safety for an app that comes pre-downloaded on your Android device. While I do expect Google to continue to take actions to prevent malware, in the meantime this is likely going to be blown out of proportion and used as a way for people to have one more reason why “Android sucks.”

  6. Mikaela Battaglia October 4, 2019 at 4:08 pm #

    This reading brings into question a greater topic than just the malware’s ability to slip onto phones undetected. The government has no way of regulating apps and malware, and so it is up to these big tech companies to figure it out themselves. While this could have still happened under government regulation, at least the people who were invaded would know that there was more of an effort to try and prevent these issues on the government’s part, and not just the companies.
    While this reflects badly on Google Play, this could happen to any other app store and apps people download. An average person has about 80 apps on their smartphone, some are given with the phone and some are downloaded at a later date by the user themselves, based on their interests and needs. And while big tech companies claim to try and regulate these apps and filter out the bad ones, since there are so many they do not put enough effort into making sure they are secure and not slipping past the companies security regulations. And if they are slipping past, the company needs to update their security and privacy policies to reflect the malware attempting to penetrate their system.
    It seems nowadays the companies who are being invaded the most are Google and Microsoft, and not Apple. And although the reason is because those two companies are the ones that run the market now, if Apple began to ran the market all of our iPhones could soon see similar issues arise. Most people I know have iPhones, and I am sure if hackers were able to do this sort of thing and invade our phones with malware, all of the apple users will be furious. Not only are our phones being tracked for ad data anyways, but this will just be another way to expose users to unwanted ads.
    Having ads pop up on one’s phone when they are not even using the app, and then having the app turn into a ghost on the home screen seems to be just the beginning of the new malware technology. As time progresses, I am sure we will be hearing more things in the news about apps and compromised cell phones.

  7. Javier Tovar October 4, 2019 at 6:54 pm #

    As a former android user, learning about Google play apps laden with advertisement malware is very concerning. Globally, the number of android users easily surpasses the amount of apple users today. Therefore, the 25 malicious applications found on the google play store definitely have a higher chance of accumulating an insane number of victims to download the apps; they were downloaded 2.1 million times before being detected. All the apps had similar code structure that made them the ability to get passed the google play store’s security screening without detection. The apps were published under 22 different developer accounts, but the coding is so similar that it is believed that an organizational group is behind is responsible. Or there has been the same source code base being shared across the community. Either way, 25 apps were able to make it past security screenings which shows a lot about google play store’s security measures. They should obviously push for more vigorous screenings like apple or else they will lose more users to IOS.
    To fully understand why more users would switch to IOS, we must compare apple’s and android’s security measures taken when it came to their ap stores. First, there are many more reports of malicious apps in the play store than there are in apple’s app store. This is because google play has a much shorter screening period than apple’s app store. Also, google can remove the malware quickly, but it is unknown how much damage the app has done to your phone which is why it is necessary to run a full virus scan on your phone after you have removed the malware. It all begins with the freedom android has to offer its users. There is so much more customization that can be achieved on an android, which leads to more apps on their store than apple. Google play is a great place for new app developers because it can take less than 24 hours for their apps to earn their place in the google play store. On the other hand, apple is much pickier when it comes to the apps they put in their store; quality over quantity is achieved evaluation process of an app. Therefore, I am glad I made the switch to apple’s iPhone one year ago.

  8. Max Nitzberg October 4, 2019 at 8:43 pm #

    I’m astounded that Google, one of the largest tech companies in the world is still struggling to implement security of malware in their app store. Apple’s iPhone’s are almost completely immune to having malicious apps downloaded through the Apple store. This is due to Apple having way more restrictions on the apps that are allowed on their store. Apple phone’s also use their own web browser and security system to protect it from viruses and malware. Android phones on the other hand are much more “vulnerable”. The Google Play Store is much less strict on what apps are allowed to be put on the store and its a great place for new app developers to put their product on. The main problem is that the lack of strict selection of apps has lead to a known 2.1 million downloads of malicious apps through the Google Play Store. These malicious apps display on-screen advertisements even while appearing to be closed. The advertisements are hard to trace back to the app they come from, so it becomes a hassle to uninstall it. This situation had the potential to be much more serious if instead of on-screen advertisements, these apps recorded information (emails, passwords, card numbers, phone numbers) and sent them back the app developer.
    It is clear that Google has to change or update its security on the Google Play Store if it wants to retain a loyal customer base. Google does not have to stop letting new developers put their apps on the store, they just have to improve their security’s detection of malicious software. Another one of Google’s products, Google Chrome has a better job identifying malicious software if it is being downloaded through the browser, there is no reason the Play Store can not accomplish the same thing. I hope that Google takes this situation seriously and begins to invest on improving their Google Play Store security.

  9. Ryan Geschickter October 4, 2019 at 8:49 pm #

    It has become such huge problem that as technology advances so does malware and other significant blockades that cause the positives of technology to standstill and overall decrease in productivity. After reading the article, it has become truly more and more realistic that the Google play apps, (the nickname for a part of the Android app store) have become more infested with malware that is going under detective services and is corrupting individuals of the Android community which is a very tough break for the loyal. A fact that truly stands out is that 25 apps containing this malware were miraculously able to go undetected past the various screenings that are required for the Google Play store on Android. In addition, it’s also worth pointing out that because Android users are hearing the news about their app store or may have their own phone infected by the malware, they are most definitely going to lose trust in the company. Big companies that draw much more of a crowd, such as Apple, will be the ones drawing the interest of these users who have had their trust in Android sucked out of them.
    When looking at Apple, their IOS store has extreme security measures to ensure the safety of all their users to prevent against Malware issues that the Google play store and Android users are experiencing. The security measures that Apple has are to make sure that whatever the users decide to download is safe from the inside out and won’t affect the significant device that the user is controlling. If somehow the Google play store was to make a significant comeback and add to the security measures that the IOS store has then they could possibly gain their users back.
    Nowadays, it’s all about the users trust in the companies they use for their devices as technology is all about safety. While the Google play store is great for Android users, there needs to be a much-needed change in order to prevent malware from becoming an issue once again. Overall, it’s safe to say that I’m glad to be a part of the Apple community and use their products as I never need to worry about such an issue affecting me.

  10. Nicolas Mateo October 4, 2019 at 8:59 pm #

    First off, I’d like to say, this is why I own an Iphone and not an Android device. These 25 applications pose a huge threat to users, and they breed a new era of digital attacks via intriguing applications downloaded by users. While there’s no way to tell if an app is going to affect your device’s software or download any bugs, Users should be careful about how legit the apps they downloading are, and who these apps are made by. We’ve already seen similar issues with apps like TikTok using user’s data, and the old face app being able to access user’s camera rolls. The scariest part about this situation is the fact that over 2 million people downloaded these apps, that hide themselves and gain access to what’s on the user’s screen. If they can conceal the app’s icon and display ads on your screen, it can’t be much harder for these app creators to figure out how to remotely view your phone screen. Clearly Google’s security measures for checking and regulating which apps are on their store is faulty, and these policies may not even change. Therefore, the same type of cons are still looking to scam users into downloading their apps for profit off unauthorized advertising. Even in my Tiktok response I mentioned, that no matter how many issues we have with technology, there’s always room for user error. So, Users should look to see what apps they are downloading, and exactly who these apps are created by and where they’re coming from.

  11. Cole October 4, 2019 at 10:49 pm #

    Google Play App store has detected several apps that have ad malware. These apps are mimicking apps that were featured on the Google Play’s Top Apps charts. The apps once installed would begin displaying on-screen advertisements even after the applications were closed. These apps have since been pulled from the Google App store but there still may be more applications out their carrying this ad malware. The problem with these applications is the fact that they are untraceable, the ads do not trace back to the app that is displaying them giving the hacker a captive audience which they are using to generate ad revenue. Now, all these apps have been written with the same or at the very least similar source code. This has lead those who have detected these malicious applications to believe that this has been created by the same individual or organization to get advertisement revenue from companies every time they force these ads on people. The amount of times these apps have been downloaded is around 2.1 million times. These downloaded applications claim to be either photo utilities or fashion-related applications.
    With this issue arising I think that advertising companies need to restructure their policies on how they pay companies to distribute advertisements for them on applications. They should come up with creative ways to incentives companies to advertise for them with out gaming the system the way that this person or organization is doing. One way they could do this is by monitoring the means by which application companies distribute their ads especially when they are able to gain massive amounts of revenue as it appears that this person or company has done. On top of this the Google Play Store needs to ramp up their malware detection protocol. The fact that their competitor Apple iOS is able to avoid a lot of these problems is proof that it can be done. The aspect of security is a huge deal to Apple a leader in this industry, so Google should take notes and do their best to mirror the assurances that Apple is able to provide.

  12. Stephen Hoffman October 6, 2019 at 8:26 pm #

    This story is incredibly concerning, as there are seemingly more efforts to use malware for the collection of data and the increased regularity of viruses on computers and phones. Applications can be hacked into and used for malicious purposes, and many people are unaware of the negative effects of the usage of such applications, as well as unaware of how to identify the signs of the malicious apps in the first place. If this issue is going to be solved, it will likely require considerable regulation, unlikely since there are countless conditions that will prevent this from actually occurring. With a congress likely to pass significant legislation concerning the issue, app stores and major corporations like Google and Apple engaging in practices that circumvent significant legislation already in place, and the legal system moving significantly slower than the technological environment, it is unlikely that anything can change the conditions that currently exist quick enough for it to actually benefit individuals. It is very difficult for significant change to occur in such an ever-evolving space, making it susceptible to future difficulties as well.
    This is especially prevalent, as it reminds me of the situation involving the emails sent to the students at Seton Hall. Recently, the students were sent an email claiming to be from another student at SHU, offering a job to students interested in dog sitting. It was easy to identify as suspect quickly, as they offered a far too much money for only a few hours of work, but many students were convinced it was a serious offer. As a peer advisor on campus, I actually had multiple students reach out to me and ask if it was legit. In the following hours, we received an email stating that this was a phishing attempt, and that the email was a scam. If students responded to the email or clicked on a link in the article, the sender could potentially take information about their computer and data on the hard drive. This email was quickly taken down by the Seton Hall technology authorities, but the prospect of the phishing attempts was still alarming for students.

  13. Tiffanny Reynolds October 9, 2019 at 2:24 pm #

    The ad malware found in apps in the Google Play Store is a concerning issue for those users of Google and Android devices like myself. I am fortunate enough to have never run into this issue, but I understand why it is a tedious one at that. Us users of internet/apps/etc. have had enough of our fair share of advertisements, whether they be in the middle of YouTube videos, Hulu television episodes, or any time we open a new webpage or application. When we exit a website or application, we are back to our own personal device (laptop, smartphone, tablet, etc.) The fact that these applications are intruding on the owner’s home screen is not only, well, intrusive, it is an obvious sign of dangerous internet content. When the user doesn’t know where these advertisements are coming from, security becomes involved.
    The average smart device user does not know much about coding, security, etc. within smart technology, and therefore when something happens unexpectedly and out of the norm, confusion and/or fear may arise. It is unknown if this malware is truly “intended to simply generate advertising revenue for their developers” (Gallagher), or if this is an issue of hacking, and therefore gaining access to one’s Google account, which holds a lot of information (passwords, YouTube account, Calendars, Drive, etc.)
    Nowadays, there are apps created and utilized for so many reasons, from health, to gaming, to dating, and even ones you never thought were necessary like learning how to tie different knots on ropes. One can see how it’s easy for one to download a multitude of apps, easily one containing malware. I find that in these cases, it is equal parts the monitors of the Google Play Store and downloaders of apps to be conscious of what apps are being presented for download to ensure as much as possible that these situations don’t happen.

  14. Walter Dingwall October 11, 2019 at 6:19 pm #

    Disinformation, misinformation, more disinformation. There is a continuous trend of rising products and hacking operation intending to deceive the consumer, the voter, the elderly, and the rest of the lot. The apps which Sean Gallagher refers to in his Ars Technica are an example of this trend of deception. These apps are not meant to help the consumer. They do not advertise their motives (of course). They only seek the money from tricking mislead downloaders. However, it seems that the Google Play store does have the savvy technical skills to snuff out these fraudulent apps, as they have been pulled from the store.
    It is not uncommon for sites and apps to mislead the user. Its surely common for them to cover up the operations not seen by users. Sites, like Facebook and Amazon, do this while boasting some of the largest brand names in the world and some of the greatest profits from traffic and on-site interaction. These sites already do so much with the peoples’ information that goes unnoticed. Even with articles stating the use of information brokerages, or Amazon’s user-data-directed advertising, the consumer does not see their self at much risk. These companies surely have the means to ensure the safety of the users, right?
    Well, the user’s safety is not necessarily held with a prominent role on a company’s priorities. Amazon makes so much money by manipulating and recycling user data. Facebook holds a similar cache of data, being a great source to post advertisement for other companies. With data banks like these in existence, the consumer should not feel like their safety is impassible.
    An example – which seems to be relatable for so many articles – is the 2016 Presidential Election and the Russian Facebook hack. The data security failure of Facebook allowed for a great spread of disinformation. The user was left vulnerable to being misled through a system of gerrymandering and toward a series of information that discouraged certain voters from voting. The best way to prevent someone from doing something is by making the process a roundabout as possible.
    TikTok is right in many young peoples’ faces with an operation in the background to extract data from users and bring it back to China, where TikTok is based. Users are blindly shipping their “cherished” personal information. These short lived, store security bypassing apps are not of the greatest concern. The Google Play store appears to be able to handle them. It is the large, data driven sites and apps that the consumer should be concerned about. They are the ones that, when their data security is breached, or they decide to sell everyone’s information to foreign nations of influence, will put the user in grave danger.

  15. Kathleen Watts October 11, 2019 at 8:26 pm #

    This is alarming, but not at all surprising. Since computer technology picked up and began to advance exponentially, people with malicious intent went right with it, often a few steps ahead. Not only are our laws not up to date, but the companies, like Google, do not have the preparedness to foresee these things happening. This is the same story over and over again. Facebook did not release information about hacker meddling with elections in multiple countries for months. Banks and retail stores have historically not released data of hacks for months, sometimes years. Even Marriott International had an issue where the private information, including passport numbers, of millions of its customers was accessed in 2014. The company didn’t even realize what was happening until 2018, 2 years after they acquired Starwood. Like I said, this is not new. These companies are not proactive enough for us to be comfortable giving them our private information, especially given the fact that some of them are willing to sell it, or even give it away for free. During the lead up original Brexit 2016 referendum, Facebook allowed a company by the name of Cambridge Analytica to access the personal data of potentially millions of its users. They did this so that they could allow Vote Leave to target users they believed were gullible to buy into information that blatantly lied about the implications of allowing Britain to remain in the EU. This ended up with many people voting to leave despite not knowing any true reason to leave. It also deepened xenophobic and islamophobic sentiment in England. Because of this, Facebook’s CEO Mark Zuckerberg had to appear before congress to be questioned about whether or not Facebook truly was a well-meaning company. He got away for the most part because he said sorry and claimed that he couldn’t see the “bigger picture”. This marks an even more concerning problem connected to the previous one: these companies will not be held accountable or liable for things they should be. How in the world could Mark Zuckerberg not see the bigger picture when Cambridge Analytica asked to “innocently” view the personal information and data of its users? One would hope that the CEO of one of the biggest social networking sites to exist would have a little sense when deciding what to do with private information. This is why we see problems like the one stated in the article. Google, as well as other companies will continue to have problems like these.
    Why don’t they fix it? Well that answer is simple: because fixing it doesn’t make them nearly as much money as selling the product in the first place does. That is what they are focussed on. This is the same reason why our economy has begun to fail us. Companies have been becoming smart to the fact the people will continue to buy their product even if the mark the price up. You see, they have been spending millions of dollars on advertising to make sure the average American citizens feels the absolute need to have their product. Even more, as each individual company raises their prices, other companies will follow suit. If all of the jeans sold in the world cost $100/pair, people will still buy them. There a few alternatives to a nice pair of jeans. This is where price-hike regulation fails. Legislation is failing to meet with the rapid increase in technology and companies are able to get away will such price hikes, especially on new technology, because as far as anyone knows, that’s the price you have to pay for these items. Companies like Google see these malware problems like minor bumps in the road that they know will blow over before the next Google Pixel comes out.

  16. Isabella Rose Salerno October 11, 2019 at 11:10 pm #

    This week I chose to write about the article titled “Google Play Apps Laden With Ad Malware Were Downloaded By Millions of Users”. I chose to write about this article because I personally use Android products and therefore get all of my apps from Google Play. The article states that in the past few months several different developers have released over twenty apps that contain damaging malware to the device and that over two million people have downloaded these apps. It is clear that these developers did this intentionally because the apps do not initially appear to be dangerous, it is not until the app has been opened and launched several times that it starts to act up. What is also interesting is the fact that the apps and malware within them have a lot of similarities. This suggests that even through the apps have different developers listed there is likely a group of individuals behind these issues.

    Something that stood out to me as interesting was the fact that these apps are so aggressive that they not only have pop ups within the app itself, but also on the home screen of the device. To me this is one of the worst things that could happen to my phone. This is because if the app acts up when you are using it, it would be easy to tell that it was a problem and simply uninstall it and run a malware check on your phone. But when the apps and malware are so advanced that they occur independently from the app itself it might be difficult to determine which app that you have downloaded is causing the problem so that you can uninstall it.

    I really liked that this article also discussed the “why” behind the malware. So many times, I read articles about someone doing something wrong or illegal and I can’t help but wonder why they did it. Just like in a courtroom when the judge and lawyers search for motive, I think its great that this article explores that. The reason why people would create apps with aggressive amounts of pop ups and ads is because each time a user views an ad the company whose ad is displayed pays the developer for the advertising.

    This issue also calls into question one of the biggest differences between android and apple products. The Google Play Store allows anyone to create, operate, share and even sell their own apps. It allows for a greater variety of apps to chose from. While the app store used by people with iPhone is not as open to outside developers. The app store places a higher level of importance on vetting the developers and apps that they want to publish to the store. This means that people have fewer options but that the options available have been thoroughly vetted and the risk of malware is dramatically lower than with apps from google play.

    In relation to business ethics this article calls into question whether or not the google play store is doing enough to vet the apps that do come through. Allowing anyone to make an app shouldn’t mean that everything is allowed. There should be a vetting process even if it isn’t as in depth as that of iPhone. Both app stores give you information about the app before you download, such as category, whether or not there are ads, and if it’s free. But maybe this isn’t enough. If it takes almost six months of these apps to be caught and shut down it would seem that there is a major flaw in the system or perhaps that there need to be more steps in place to monitor the behavior of the apps even after they are downloaded.
    At the end of the day one thing is clear: people have very strong opinions about whether android or apple has better products, but I think that “better” is the wrong word. It boils down to what is more important to you. If you like the idea of having more options in your apps then you might prefer android. If you are more concerned about the safety of the apps that you are downloading apple might be the brand for you. Articles like this are just a great reminder of the risk that you run when going with android products and that we as consumers have to do our research about apps before simply pressing install.

  17. Rav Gill October 14, 2019 at 9:11 am #

    Imagine having an Android phone and getting a virus. And, then imagine having an iPhone and not having to worry about getting a virus. Why? Because iPhone’s are less prone to viruses than Samsungs, Androids, Google Pixel’s. Now I am not saying that that an Iphone can’t get a virus but it is going to be very hard to get a one on it because of the amount of code written to prevent you from getting onto a bad website. The fact that Google store had apps that had malware attached to it is startling because you trust them to verify these apps before they allow them in there store’s. If I was one of 2.1 million users who downloaded an app with malware on it, I would sue Google for the damage it does to my phone. In this case, a type of malware called “adware” was released through those apps into users phone’s. According to AVG, a company who sells antivirus. Malwarebytes, and other software “Thought not always malicious in nature, aggressive advertising software can undermine your security just to serve you ads…” (Fundamentals of Malware). It isn’t as harmful as you would think but it is very annoying to get a pop up every few minutes even when you have completely closed out of the app. Symantec Intelligence analysts found that a numerous amount of apps in the Google Play store had malware attached to them through code or scripts and many were removed, however, there is a chance that a large number could remain in the store. It was found that the apps “… share a similar code structure used to evade detection during security screening…” (Google Play apps laden with … users) which means the placement of these apps was purposeful. Whoever created these apps infected them and then found a way to pass Google’s screening, which is scary because of the amount business Google does with big corporations. If I can’t download an app from the playstore without having to worry about getting my phone filled with adware, then how would I continue to use Google chrome, or any of Google’s services. The apps that had malware attached to them were “Published under 22 different developer accounts …” and had “… similarity in coding across these apps” (Google Play apps laden with … users) which suggests people belonging to the same group were responsible for this. Honestly, I would be a little concerned that Google’s security has a loophole that allowed this amount of apps to be pushed through without any detection.

    As a Geek Squad agent, I always tell my clients to be careful where they are surfing the web because if you are not aware while you are online, you can easily do harm to your computer. So many clients come in saying that they paid the man on the phone money or they let someone into their computer to “help” them because they said their computer was in danger of losing files. A common theme among the clients is not being aware about how technology works, not changing their searching habits, and being on the older side. The unfortunate thing is that these clients are so worried when they come in and we try our best to make them knowledgeable on how to prevent these issues, but they come back to fast. I think we as users need to take better steps to avoid the traps these hackers place for us. Going back to the article, it said “Most of the applications claimed to be either photo utilities or fashion-related” (Google Play apps laden with … users) which means these hackers knew young people would download these apps. And, who stores the most amount of data in regards to credit cards and other things on their phones? Millenials and young adults. Now it is true that since the hackers pushed adware through the apps, they were doing it to generate revenue from the ad companies, but it doesn’t mean they couldn’t send updates through to gain client information. The thing with adware is that these hackers made it so that, users couldn’t tell what apps these ads were coming from. AVG said to be alert about where you browse because “Malware can be found anywhere, but it’s most common in websites with poor backend security” (Fundamentals of Malware) but it usually isn’t commonly found in app stores. However, when it comes to apps you just have to do a little bit more of a deep dive into them to ensure they are legit because some free one’s may be the ones with malware.

    Another user wrote that, “The Google Play Store is so concerned with getting people excited to publish apps that there is actually little information on what restrictions there are to the apps or protection from malware” (Commenter). I completely agree with them because when I did a little research as to what I would have to do to create an app and have it published in the app store, I was amazed with the lax setup. It shouldn’t be this easy to send Google something that is going to affect millions of users. In the end, users should not have to worry about malicious apps now because of the advancement we are supposed to see and have in technological security. Hopefully, Google can clean up this mess fast because they are already under investigation.

    https://www.avg.com/en/signal/what-is-malware
    https://developer.android.com/distribute/play-policies
    https://arstechnica.com/information-technology/2019/09/malicious-pop-up-ad-apps-slipped-past-google-play-security-to-reach-millions/

  18. Nicholas Luciano October 16, 2019 at 12:40 pm #

    Androids are typically more prone to getting viruses and malware in their operating systems just because of how they are set up. This goes to show that Android is not checking the code that developers are putting into the apps. There is also no procedure for checking what goes into the Google store. This could be dangerous at times and it is a good thing the developers were not after private data or any sensitive information. I have noticed in the comments, consumers getting emails about having a potential attack on their phones from apps. Sometimes having downloaded the app almost a year prior to getting notified about the attacks. This is a long time frame for developers of the apps with malware to have your data and information with your phone. Not only were some of the apps in the app store for that long of a period but it was in the top trending charts list. This meant that anyone who happened to stumble across this trending list saw the app waiting for them to download it with the malicious software.vHaving the ability to access that type of data poses a huge risk. This process of getting apps into the Google play store is something that needs to be reconsidered and re-worked. Screening of the apps that have the potential to go into app store would make me feel better about downloading apps. There could also be more apps in the Google Play store with more malicious software. Checking code should be on the top of the priority list for Google to go into more detail. If I were a consumer thinking about switching over from Apple to Google or Android, this would not make me think twice about them being an option for me.
    Apple does not have this problem with viruses, but does have problems elsewhere. Usually when you download games from the App Store they ask for a variety of information from you. Other times you do not have to consent to the information you are giving the third party developers of the apps. Games with ads are well known for this, by selling your information to third party developers. This is very profitable for the game developers by having a free game that is addictive in the app store. Playing the game and watching ads in between the games all while attaining information about you. While this is not trying to attack your phone, this is still significant.
    There are still major flaws in both app stores, whether you own an Android or Apple phone. There are areas where both companies could make their app stores a safer place. I always keep in mind that kids are getting tablets and phones at a much younger rate than what we are used to. They have the ability of downloading these apps with the malicious software without knowing. These beauty apps and photo editing could be attractive to young kids to download.

Leave a Reply