While I’m willing to bet that you probably haven’t downloaded any adware from the Google Play Store recently, a new report from ESET indicates that various Android users have downloaded 42 different adware-filled Android apps more than eight million times in total. So, just in case, here’s what’s going on—and a list of all 42 apps you should remove from your phone, if you were suckered into installing one.
According to ESET, these apps—a subset of which had been active on the Google Play Store since July of 2018—all appeared to be normal apps at first glance. Unlike previous adware-filled apps we’ve reported on, the ones that try to trick you into thinking there’s something wrong with your device, these apps all “work.”
I put that in quotes, because their main purpose isn’t to help you track how much water you drink or allow you to make neat ringtones. These apps might have basic functionality, but they all start communicating back to a command-and-control server when you run them, which configures the apps’ attack patterns to fit match your device (and other apps you have installed on it, like Facebook Messenger). Once they have their marching orders, the apps employ a number of creative techniques to stick themselves on your device and serve up annoying full-screen advertisements. As ESET describes:
First, the malicious app tries to determine whether it is being tested by the Google Play security mechanism. For this purpose, the app receives from the C&C server the isGoogleIp flag, which indicates whether the IP address of the affected device falls within the range of known IP addresses for Google servers. If the server returns this flag as positive, the app will not trigger the adware payload.
Second, the app can set a custom delay between displaying ads. The samples we have seen had their configuration set to delay displaying the first ad by 24 minutes after the device unlocks. This delay means that a typical testing procedure, which takes less than 10 minutes, will not detect any unwanted behaviour. Also, the longer the delay, the lower the risk of the user associating the unwanted ads with a particular app.
Third, based on the server response, the app can also hide its icon and create a shortcut instead. If a typical user tries to get rid of the malicious app, chances are that only the shortcut ends up getting removed. The app then continues to run in the background without the user’s knowledge. This stealth technique has been gaining popularity among adware-related threats distributed via Google Play.
If you have any of the following apps installed on your device, you’ll want to hit up Settings > Apps & notifications > See all [#] apps, tap on the offending apps in question, and uninstall them from your device. (Depending on your Android device, your path to getting to this screen might vary.) Don’t just uninstall the apps from your launcher by dragging them, as you might only remove a shortcut to said app (if you aren’t paying attention).
Thankfully, while the aforementioned adware is annoying, it’s unlikely to harm your device beyond wasting your battery and potentially sending data about you to something, or someone, you don’t know anything about. These apps won’t steal your passwords, but they will piss you off—and for that, they don’t deserve space on your phone. Google has also removed them from the Play Store, but that doesn’t mean an automatic deletion from your phone.
As always, the best way to avoid apps like these is to first consider whether you truly need the app in question. Is there a better alternative? More importantly, is there an alternative that’s already been downloaded by a ton of people, vetted by third-party sources, or has a long history of great reviews? Shoot for those apps instead of these weirdly named one-offs with suspect descriptions and reviews, and odds are good you’ll avoid most adware on your device.