Three adware-serving Android apps on Google Play reach millions

At least three apps on Google Play have slipped through Googlersquo;s checks and are pestering millions of Android users with adware.

Among Googlersquo;s developer terms regarding its system interface is that ads ldquo;must not simulate or impersonate the user interface of any app, or notification and warning elements of an operating system.rdquo;

While Google does vet apps for this behaviour before allowing them on Google Play, several apps available on the app store are doing just this.

Google Play users reported three apps that contain adware in January on a security-related forum. As one video of the adware demonstrates, upon unlocking a Nexus 5 with the adware-loaded app installed, an ldquo;urgentrdquo; system notification advises them to click OK to ldquo;fix your internetrdquo;. It suggests the Opera Mini browser to resolve the bogus issue, but then redirects them to a different app on Google Play that purports to fix other issues.

The apps are currently more of an annoyance to users than a serious security threat, but until Google removes them, they could be adapted to lead Google Play users to more malicious apps.

Malware analysts from security firm Avast have poked around the three apps on Google Play that display this behaviour, which includes Durak, an English-language card game app with as many as 10 million installations by Google Play counts.

The others, with lower counts, are a Russian language IQ test app and a Russian history app.

All three are still currently available on Google Play and theyrsquo;re also directing users to potentially malicious apps outside of Googlersquo;s app store.

The apps fly under the radar by behaving in a way that complies with Googlersquo;s terms for around 30 days before showing its true adware colours, Avastrsquo;s mobile malware analyst Filip Chitry noted.

It may also explain why Google didnrsquo;t detect the apps before allowing them on its app store.

A spokesperson for Avast told CSO Australia that the company had reported the suspect apps to Google.

They also said the apps are pushing ads randomly to the user from three legitimate mobile advertising companies, including Twitter-owned MoPub.

ldquo;It constantly checks for new ads on the servers of those companies, in order to show them to the user,rdquo; Avastrsquo;s spokesperson said.

MoPubrsquo;s own policies prohibit ldquo;any creative that a user might mistake for an OS- or application-level notification rather than an advertisementrdquo;.

CSO Australia has asked Twitter for an update on the issue and will adjust the story accordingly if and when it receives a response.

Google updated its app sore developer program policies in 2013 to prevent in-app ads from abusing system notifications, along with other changes to clean up its marketplace.