Google Play Store Quality Problems: Over 2,000 Malware-Laden Counterfeit Apps Served to Android Users

If you thought that the quality control issues plaguing the Google Play Store for Android were finally being ironed out, it couldn't be further from the truth. A two-year-study has come to the conclusion that there are 2,040 malware-laden counterfeit apps in the Android app store, Google Play. According to researchers from the University of Sydney and CSIRO’s Data61, who investigated more than a million apps available on Google Play, over two thousand of those apps impersonated popular games and had malware. The paper, A Multi-modal Neural Embedding Approach for Detecting Mobile Counterfeit Apps, was presented at the World Wide Web Conference in California in May documenting the results.

There were yet other apps that, though malware free, requested 'dangerous' data access permissions. According to the story published in Computerworld, researchers said games including Temple Run, Free Flow and Hill Climb Racing were the most commonly counterfeited apps. For the study, the researchers used neural networks to identify visually similar app icons and partially plagiarised text descriptions of the top 10,000 most popular apps in the Play Store. It brought forward 49,608 potential counterfeits, which were then checked for malware using private API of online malware analysis tool VirusTotal. This left them with 2040 high-risk fake apps.

The study also found that 1,565 asked for at least five dangerous permissions and 1407 had at least five embedded third-party ad libraries.

Speaking about the study, co-author Dr Suranga Seneviratne from the University of Sydney said, "While Google Play’s success is marked on its flexibility and customizable features that allow almost anyone to build an app, there have been a number of problematic apps that have slipped through the cracks and have bypassed automated vetting processes.” Once the apps were discovered, around 35 per cent are no longer available in the Play Store, “potentially removed due to customer complaints”.

Google on its part says it now removes malicious developers from Play much faster, and last year stopped more malicious apps from entering the store than ever before.