New research has identified 24 children's games and 32 utility apps in the Google Play Store that were covertly running malware that imitated user actions in order to automatically click on advertisements. All of the apps have since been pulled from the Play Store according to Check Point Research, the cybersecurity firm that released the findings, but not before they were downloaded nearly a million times. The apps gained so many downloads because they were often clones of legitimate popular games.
Tasty ad fraud — The malware, called "Tekya," took advantage of an Android function called "MotionEvent" that allows apps to describe movement events within the app. Tekya used the function to report taps on advertisements that weren't actually happening, even when users weren't actively using the apps, a potential drain on battery life. Ad networks from Google, Facebook, and others were affected — and every company whose ads were clicked by the malware effectively lost money every single time it occurred. Over potentially one million devices that could add up to a lot of lost cheddar.
Google is supposed to catch this sort of malicious behavior within apps during its submission review process, and it also has a malware-detection system in place called Play Protect that continuously scans existing apps for updates that may be harmful. Check Point Research says Tekya managed to obfuscate its code in order to evade detection, however.
Platforms are hard to police — The issue highlights that with a platform containing more than 3 million apps, Google isn't able to guarantee that everything within its Play Store is 100 percent safe. There are always going to be developers trying everything they can to slip shady material past the company. Not that Apple is all that much better — that company, while its policies are notoriously strict, has seen disturbing children's games make their way onto its App Store.
Customers get lots of choice, but with that comes downsides like the ones we're seeing today. You can't rely on Google or Apple alone to protect you.