A stack of dodgy apps have been identified in the Google Play Store. The apps, discovered by Sophos, have since been taken down but were downloaded by millions of users before Google took action. Here’s the list.
These apps all look legit on the surface but they’ll suck the juice out of your phone’s battery and load invisible ads. Not only do you need to rush to the charger more often but advertisers are being duped into thinking people are clicking on their ads.
Some are exceedingly popular and started out as genuine apps but were ‘Trojanised’ by a third party. For example, a flashlight app dubbed Sparkle FlashLight was downloaded over a million times alone. Here are the names to check against your installed apps list.
Remove these apps now:
- AK Blackjack
- Animal Match
- Box Stack
- Cliff Diver
- Color Tiles
- Jelly Slice
- Join Up
- Just Flashlight
- Math Solver
- Neon Pong
- Roulette Mania
- Snake Attack
- Space Rocket
- Sparkle FlashLight
- Table Soccer
- Tak A Trip
- Zombie Killer
The developers were clever. When the apps ran, they opened a hidden browser window that loaded the ads and then interacted with them, making advertisers think they were reaching potential customers.
The users of the apps were none the wiser as all the interactions were hidden from sight. Unless you were tracking memory, processor and power use closely, there was no way to see what was going on.
One of the best things about Android ecosystem is also one of its biggest challenges. While its openness means we can install pretty much whatever apps we want without all that pesky interference from an app store, it also means there's a relatively easy avenue for malware to infect your device. So, like the PC world, security software is a good idea. But it seems the Android security software business is more about making money than offering real protection according to some independent research.Read more
There are lots of lessons to take away from this. It’s tempting to install apps that augment the functions of existing apps. For example, there’s the flashlight app and I’ve seen some nasty malware hidden in an ‘enhanced’ camera app that could capture video and audio without your knowledge and transmit it to an FTP server without you ever knowing unless you checked your data usage closely.
The default apps that ship with Android are pretty good and there’s not a lot of need to get augmented versions.
When you install a new app, pay close attention to whether your device runs a little hotter or if battery life takes a hit. If that happens, ditch the app.
It’s also worth setting aside a few minutes each week or so to look at the apps you have installed on your devices and remove any you’re not using. You can find out more about the latest offenders over on Sophos’ blog.