Google’s Play Store has come under fire in recent weeks over reports that keep stacking up about malicious apps that have snuck past the security checks of Google’s app marketplace only to be identified later and summarily booted from the Play Store — but not before amassing what are in many cases millions of downloads and no doubt causing significant damage behind the scenes. Still, there are far sketchier places where users are downloading Android apps, and a new report identifies what may be the most dangerous yet.
RiskIQ has published its 2019 Mobile App Threat Landscape report, which pegs 9Game.com — a mobile app store offering free Android game — as the most dangerous such store, and, in fact, the home of the most malicious apps for all of 2019. According to the report, there were almost 62,000 new malicious apps uploaded to the store in 2019, putting 9Game at the top of the list of stores with the most new malicious apps but also at the top of the overall list of stores with the most sketchy apps in total. There are also hundreds of other less-than-reputable app stores like this one, the report warns, which “represent a murky mobile underworld that exists outside of the relative safety of reputable stores. With many of these apps found in stores hosted in countries known for cybercrime, such as China, or outside of stores altogether on the open web (often referred to as feral apps), it’s no wonder CISOs can’t keep tabs on them.”
Before diving into the report’s findings, it’s probably worth noting right off the bat that the RiskIQ researchers found that the overall app security landscape is continuing to improve. Apple treats its own App Store like, to quote the report, “Fort Knox,” while Google’s security controls are getting better, despite too many sketchy and downright dangerous apps still being able to sneak into its store.
Because those two leading app stores are so proactive about trying to keep their stores free of bad apps, that forces the bad guys to find other outlets where they can hide their wares. Here’s a look at the mobile app stores which the RiskIQ team pegged as the source of the most malicious apps last year:
It’s always a good practice to only download apps from sources that you know and trust — and seeing numbers like those above from a source like 9Game and the others should definitely give anyone pause.
Other highlights from last year, per RiskIQ, include the fact that millions of Android users were still tricked into downloading any of several dozen adware apps from the Google Play Store, which the report notes included both utility apps as well as games. Those apps served up deceptively displayed ads, including full-screen ads, as well as hidden ads, and ads running in the background. The endgame was (and is) for these kinds of apps to be able to essentially monetize unsuspecting users.
The report concludes with some tips to remember: “Luckily, some of these malicious lookalike apps are easy to spot. One potential giveaway is excessive permissions, where an app requests permissions that go beyond those required for its stated functionality. Another is a suspicious developer name, especially if it does not match the developer name associated with other apps from the same organization. User reviews and number of downloads, where present, also help to give some level of reassurance that the app is legitimate.”