Update 11/06/2017
According to media reports, fraudsters managed to get fake WhatsApp apps published in Google’s Play Store. One of these fake versions has already fooled more than 1 million users to download the app. Don’t fall for it!
Original post
After the eight hijacked Chrome extensions that were pulled from Google’s browser webstore at the beginning of the month, Google now removed over 500 apps with more than 100m downloads from its Play Store. That’s a rather high number, especially if you’re considering that they have been removed all at once. So what happened?
Beware of SDKs bearing gifts
If you know apps, you know that app developers usually try to make at least some money out of them – and one of the most common ways to do so is to deliver advertisements to customers in order to generate revenue. Igexin, a Chinese-made software development kit (SDK), promises developers to help with exactly that by making it easy to perform targeted advertising services. Sounds good, right?
But all was not good. Researchers at Lookout started to investigate some suspicious traffic Igexin was creating by downloading large encrypted files from servers that were known to have dished out malware in the past.
“This sort of traffic is often the result of malware that downloads and executes code after an initially “clean” app is installed, in order to evade detection,” says Lookout in their blog article. With other words, the SDK could have easily been used for malicious activities, making the users its victims and siphoning their personal data.
More than 500 apps compromised
The only two compromised apps mentioned by name were Lucky Cash with more than 1 million downloads and SelfieCity which was downloaded more than 5 million times. Other apps include games targeted toward teens, weather apps, photo editors — you name it. All in all the vulnerable apps were downloaded more than 100m times.
There is no need to be worried though: as soon as Google was informed about the apps, they were pulled from the app store and their developers were informed.
Does that mean the story gets a happy end? Well, kind of. You can be sure though that incidents like this will increase rather than decrease and that you will not always be that lucky. That’s why it is important to also make sure your mobile devices are as secure as possible and have an up to date antivirus installed.
This post is also available in: Italian