Every so often, we report on discoveries from security researchers who warn of newly identified batches of bad Android apps, often only after they’ve racked up millions of downloads. Back in September, for example, we mentioned the discovery by researchers at Wandera of a group of apps that requested sketchy permissions and included intrusive ads, among other problems, while garnering more than 1.5 million downloads before Google booted them from the Play Store.
It’s a constant game of Whack-a-Mole that Google has seemed content to play when it comes to its app store. The bad stuff keeps sneaking in. Google kicks it out after the fact once it’s identified (often by third parties). Rinse, repeat. But maybe now that pattern will start to change a bit.
Google is hoping to step up its security measures in this ongoing fight via a new effort it’s set up called the App Defense Alliance along with security firms Lookout, ESET, and Zimperium. In a post on the Google Security Blog, the search giant notes that as part of this new alliance “we are integrating our Google Play Protect detection systems with each partner’s scanning engines. This will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another vital set of eyes prior to an app going live on the Play Store.”
Google says it hand-picked the security firms that are part of this alliance based on their success in finding potential threats themselves and in improving the overall mobile app ecosystem. The alliance partners use a combination of machine learning and static/dynamic analysis to detect abusive app behavior, and “multiple heuristic engines working in concert will increase our efficiency in identifying potentially harmful apps,” Google’s announcement of the alliance continues.
All of this comes, of course, not a moment too soon. Coinciding with Google’s announcement, Wandera researchers on Wednesday reported the discovery of seven apps on the Play Store that contain so-called “dropper malware.”
“The dropper apps are designed to download and install APKs from a GitHub repository, essentially opening a backdoor on the device for any new application functionality to be installed. In the case of the seven apps, the APKs being installed include adware, a form of malware that violates the policies of the Google Play Store,” Wandera noted about the apps, which have been removed by Google and include the following:
- Magnifying Glass
- Super Bright LED Flashlight
- Magnifier, Magnifying Glass with Flashlight
- Super-bright Flashlight
Developer: iSoft LLC
- Alarm Clock
- Free Magnifying Glass