Millions of Android Devices Infected by Malicious Apps

Lest there be any doubt that Android is the new Windows, Google has just pulled three adware-distributing apps from its Play Store, but only after several millions devices were infected. The search giant finally removed the apps after security firm Avast alerted it to the dangers, but there is evidence that Google knew about the suspicious apps for weeks.

In a somewhat self-serving post in which it also promotes its Android security app, Avast explains how one of the three apps functioned.

“It seems to be a completely normal and well working gaming app,” Avast’s Filip Chytry writes. “This impression remains until you reboot your device and wait for a couple of days … Each time you unlock your device an ad is presented to you, warning you about a problem, e.g. that your device is infected, out of date or full of porn … You are then asked to take action. However, if you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value.”


Sponsored Content

Devolutions Remote Desktop Manager

Devolutions RDM centralizes all remote connections on a single platform that is securely shared between users and across the entire team. With support for hundreds of integrated technologies — including multiple protocols and VPNs — along with built-in enterprise-grade password management tools, global and granular-level access controls, and robust mobile apps to complement desktop clients.

It’s a classic adware scheme in other words, one that relies almost solely on social engineering. But in a case like this, it falls on Google, as the arbiter of the platform’s app store, to ensure that the apps it approves meet criteria for reliability, usability and, yes, security. That’s the benefit of any first-rate mobile app platform, whether it’s from Amazon, Apple, Google, Microsoft or any other company.

Avast doesn’t address that issue, though it notes that one of those apps was downloaded between 5 and 10 million times.

But the three apps that Google just pulled—an English language card game, and an IQ test app and history app aimed at Russian speakers—were clearly suspicious and should have been caught during Google’s app approval testing process. And according to feedback in Avast’s forums, Google had been fielding complaints about these apps since last month. Worse, users examining the apps’ package files were able to easily identify the malicious bits, including the timer for when the app starts displaying bogus pop-ups on the device. This behavior wasn’t even well-hidden.


Maybe it’s time for some kind of a security overhaul of the world’s most popular mobile computing platform. Google might give it on obvious name. Something like, oh I don’t know, Trustworthy Computing.

Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.