Google Removes 500 Android Tracking Apps with 100 Million+ Combined Downloads from the Play Store
Google has completed one of the largest app store purges in company history. The company recently removed 500+ apps from the Google Play Store after they were found to be illegally tracking Android users.
The apps had a combined total of 100 million+ downloads. Unlike previous spyware app purges, which removed apps few people had downloaded or heard of, these apps had been downloaded millions of times around the world.
In many cases, the developers of these apps had no idea their platform was being used for malicious purposes. The apps used an advertising software development kit (SDK) that secretly stole data from users’ smartphones.
A total of 500 Android apps were found to have used the SDK, which means they were secretly distributing spyware to users.
We always tell users that to avoid tracking software, you should only download popular apps from reputable, established developers. However, even if you had followed that advice with these latest apps, you still wouldn’t have been able to avoid the spyware.
The Spyware Was Found on a Photography App With 5 Million+ Downloads
A number of major apps were affected by this latest incident. Researchers at Lookout described two specific apps.
One app, a photography app called SelfieCity, had been downloaded over five million times. Another app called LuckyCash had been downloaded over a million times.
Both apps have since been updated to remove the spyware. Other apps were not individually identified. However, Lookout claims the other apps included a game targeted at teenagers with over 50 million downloads, a weather app, and a photo app – both with 1 to 5 million downloads.
The apps spanned multiple industries, including educational, gaming, health and fitness, photography, and more.
Regardless of the industry, apps across the Play Store were found to be infected with the dangerous spyware.
Tracking Software Has Been Traced Back to China
Does having Chinese spyware on your phone make you uncomfortable? The SDK behind this latest spyware issue is called Igexin, and it’s of Chinese origin. The purpose of the spyware is to promote services based on intrusive data gathered about the individual – like their salary, income, location, and interests.
In many cases, this information wouldn’t show up on conventional advertising networks because it’s been illegally collected. Igexin monitors your phone activity to know more about the individual user than any other advertising platform.
Lookout security researchers only spotted the problem when they reviewed other apps that communicated with IP addresses in China, then realized those same IP addresses were linked to the Igexin adware.
The Spyware Recorded Call Details
The spyware was mostly designed to collect advertising data. However, the spyware was also found to be performing log exfiltration functions, which means spyware authors could make off with all types of user data.
Furthermore, the spyware was found to be tracking phones using PhoneStateListener, a legitimate Android API that records details about calls.
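Because the tracking code arrived inside a third-party SDK, an app developer or reviewer can check a decoded APK for PhoneStateListener use that sits outside the app's own package. The following is an added example, not code from this article or from Lookout; it assumes the APK has already been decoded to a manifest and smali text (for instance with apktool), and the app and SDK names in the sample are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
LISTENER = "Landroid/telephony/PhoneStateListener;"
CLASS_RE = re.compile(r"^\.class\s+.*?L([\w/$]+);", re.M)
SUPER_RE = re.compile(r"^\.super\s+(L[\w/$]+;)", re.M)

def audit(manifest_xml, smali_files):
    """Report PhoneStateListener users in a decoded APK (manifest text, {path: smali})."""
    root = ET.fromstring(manifest_xml)
    app_pkg = root.get("package", "")
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    findings = []
    for path, text in sorted(smali_files.items()):
        if LISTENER not in text:
            continue
        cls = CLASS_RE.search(text)
        sup = SUPER_RE.search(text)
        name = cls.group(1).replace("/", ".") if cls else path
        findings.append({
            "class": name,
            # Subclassing means this code receives call-state callbacks itself.
            "subclasses_listener": bool(sup and sup.group(1) == LISTENER),
            # Code outside the app's own package came in with a library or SDK.
            "third_party": not name.startswith(app_pkg + "."),
        })
    return {
        "package": app_pkg,
        "has_read_phone_state": "android.permission.READ_PHONE_STATE" in perms,
        "findings": findings,
    }

# Constructed sample input: hypothetical app and SDK names, not from the article.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.photoapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""
SAMPLE_SMALI = {
    "smali/com/example/photoapp/MainActivity.smali":
        ".class public Lcom/example/photoapp/MainActivity;\n.super Landroid/app/Activity;\n",
    "smali/com/example/adsdk/CallWatcher.smali":
        ".class Lcom/example/adsdk/CallWatcher;\n.super Landroid/telephony/PhoneStateListener;\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST, SAMPLE_SMALI))
```

A finding marked third_party with subclasses_listener set is the case to take up with the SDK vendor or remove, since the app's own code never asked for call-state callbacks.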
Ultimately, all infected apps have either been updated or removed from the Google Play Store. However, this is a scary example of how Android’s walled garden approach to security isn’t always 100% effective – and even downloading popular apps with 50 million+ downloads could leave users vulnerable to SMS and phone tracking.