Fraudulent Apps You Probably Have On Your Phone – Remove Immediately
Cyber-security has been a big threat to the evolution of technology. Even though Google has been at the forefront of fighting cyber-security by stepping up its detection efforts, it can’t seem to get rid of them all. Recently, some defective apps have been sneaking their way into the Google Play Store where they accumulate millions of downloads before being discovered and eliminated.
The most recent culprits found are 2 camera apps and 4 VPN apps that have jointly accumulated 500 million downloads. According to Wandera’s threat research team, it has discovered two adware apps on the Google Play Store with a combined 1.5 million+ downloads. Surprisingly, the apps seem harmless as they are both just selfie filter camera apps with the same functionality.
Adware is usually seen as a bother to the end-user. In extent measures, mobile adware can kill productivity and lead to more serious consequences even for businesses. Intrusive out-of-app ads impede users in the middle of their operations, block their devices, drain the battery, and sometimes crash the device.
With mobile advertising spending estimated to be over US $75 billion in 2018, cyber-criminals definitely want to cash in on this goldmine. 2018 had a lot of mobile ad frauds and even though there are countermeasures against it, unique techniques have been used to circumvent them.
Adware enables authors to generate money from affected devices. Even though it’s seen more as a nuisance than a threat, these camera apps have more advanced functionality than the average adware:
- Sun Pro Beauty Camera – with more than 1 million downloads on Google Play Store
- Funny Sweet Beauty Camera – with more than 500,000 downloads on Google Play.
During testing both apps, it was discovered:
- Once installed, the app icon is visible on the app drawer
- When the app is opened, it creates a shortcut and then removes itself from the app drawer
- After uninstalling the shortcut, the app remains active and can be seen in the background
The ad behaviour is different in the two apps:
- Testing on SunPro Beauty Camera showed that even if the app is never opened or even after restarting the device, full-screen ads that are difficult to close start to pop up
- Testing on Funny Beauty Camera showed that the full-screen ads begin to appear outside the app only when a filtered photo is downloaded via the app, locally on the device.
The functionality an also be compared to these adware apps discovered by Trend Micro:
- Magic Camera: Make Magical Photos
- Blur Photo Editor
- Beautiful House: House Painting Game
- Find the difference: smart detective
- Background Replacement
- Colour House 2019
- Photo Background Eraser
- Toy Smash: Cube Crush 2019
- One Stroke Line Puzzle: Funny Game
The APKs of Sun Pro Beauty Camera and Funny Sweet Beauty Camera have a Chinese packer known as Ijiami. These packers are often used to shield the APK from being unraveled and assessed. This functionality is utilized by gaming apps to help prevent other developers from copying them, which is not illegal. However, the apps have concerning issues that should be looked into.
Sun Pro Beauty Camera permissions
- RECORD_AUDIO – Enables the app to record the audio at any time without user confirmation 033
- INSTALL_SHORTCUT – Enables one part of the “stealthy” behavior
- SYSTEM_ALERT_WINDOW – This can enable the app to overlay some information and trick the user into clicking something they did not want
Funny Sweet Beauty Camera permissions
- RECORD_AUDIO – Enables the app to record audio with the microphone even without your confirmation.
- RECEIVE_BOOT_COMPLETED – Enables the app to automatically activate after booting the phone
- SYSTEM_ALERT_WINDOW – Enables the app to display content over another app
These go against Android permission as explained here.
Google Play Protect was designed to guard against app vulnerabilities. In 2018. Google was able to detect and remove malicious apps from entering the Google Play Store. The number of rejected app submissions increased by more than 55% and increased app suspensions by more than 66%. Even with these numbers, there were warning signs that malicious apps are still available to be installed on Google’s official store.
There were warnings about four Android VPNs that were attacking devices with fraudulent ads which helped generate income for their operators at the expense of companies placing these ads. Interestingly, the four apps originate from China – with two having almost identical code. The VPN apps are:
- HotSpotVPN – 500,000 downloads
- Free VPN Master – 1 million downloads
- Secure VPN – 1 million downloads
- Cheetah Mobile’s Security Master (Applock AntiVirus) – 500 million users
According to Security Researcher, Andy Michael, these apps were found to originate from either Hong Kong or China where VPN usage tends to be higher than in other countries as a result of China’s Great Firewall and amidst the ongoing protests in Hong Kong. While three of these four apps provide VPN services to users, Security Master is an antivirus app.
You can actually test and make sure you do not have any of these applications. Some of these applications are still present in the Google Play Store and some of them have been removed.
On your device, simply go to the Settings and scroll down to the “Apps” selection. Go ahead and click it and it will pull up all the applications on your device. Scroll down and make sure that you don’t have any of these apps. If you have one, simply click on the app and then tap on “Uninstall”. You’re good to go!