Android apps on the Google Play Store can turn your handset into a spying agent. More than 500 million apps were observed to be infected by a range of spyware, according to a report published by U.S.-based security firm Lookout. But you can breathe easy now: Google has tackled the problem. The malicious apps have been removed, while some have been updated with newer, cleaner versions.
The firmware used by the apps could covertly siphon data from your device while you remained in the dark. It could steal your entire call log: the number, time and reply of every call. Other vulnerable data included your GPS locations, the list of installed apps, and the list of nearby Wi-Fi networks.
The researchers have named only two of the 500 apps affected by the issue. SelfieCity, a photography app, and another app, LuckyCash, have now been restored with safer versions after the bug was fixed. The former had been downloaded more than five million times, while the latter saw over a million downloads.
The spying behaviour was attributed to a malignant advertising software development kit (SDK) called Igexin. Ad developers who used the Chinese Igexin SDK as a platform suffered a setback, although they themselves were not aware of the malicious linking.
The apps that included the SDK consisted of games targeted at teens (with 50-100 million downloads), photo editors (with 1-5 million downloads), weather apps (with 1-5 million downloads), and internet radio (with 500K-1 million downloads). Other apps, such as those related to travel, education, health and fitness, home video cameras and emoji, were also found to be corrupt.
The apps' invasive behaviour originated from an Igexin-controlled server, the Lookout Intelligence team believed. “While not all of these applications have been confirmed to download the malicious spying capability, Igexin could have introduced that functionality at their convenience.”
Further, the plugin that introduced the malware relied on the Android permission system. If your handset had granted access to the key plugins, you would have received a code like “http://sdk.open.phone.igenix.com/api.php” from the server.
“It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server,” the researchers mentioned.
The flaw was detected when an app started downloading a large encrypted file from the said server.
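The detection signal described above (a request to the SDK endpoint followed by a large encrypted download) can be expressed as a network-log correlation. The following is an added example, not code from Lookout or Google; the flow-record fields, thresholds and example.com hosts are assumptions, and only the endpoint URL comes from the article.

```python
import hashlib
import math
from collections import Counter
from urllib.parse import urlparse

API = urlparse("http://sdk.open.phone.igenix.com/api.php")  # URL as quoted in the article
MIN_SIZE = 500_000   # assumed: bytes that count as a "large" download
MIN_ENTROPY = 7.5    # assumed: bits/byte above which a body looks encrypted
WINDOW = 300         # assumed: seconds allowed between API call and download

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_staged_downloads(flows):
    """Flag (client, url) for large high-entropy fetches made soon after an API call."""
    last_call = {}  # client -> time of its latest API request
    hits = []
    for f in sorted(flows, key=lambda f: f["ts"]):
        u = urlparse(f["url"])
        if (u.hostname, u.path) == (API.hostname, API.path):
            last_call[f["client"]] = f["ts"]
            continue
        seen = last_call.get(f["client"])
        if seen is None or f["ts"] - seen > WINDOW:
            continue  # no recent API call from this client
        if f["size"] >= MIN_SIZE and entropy(f["sample"]) >= MIN_ENTROPY:
            hits.append((f["client"], f["url"]))
    return hits

def _blob(n: int) -> bytes:  # deterministic high-entropy bytes, stands in for ciphertext
    return b"".join(hashlib.sha256(i.to_bytes(2, "big")).digest() for i in range(n // 32))

# Constructed flow records (hypothetical proxy-log fields, example.com hosts).
SAMPLE_FLOWS = [
    {"ts": 100, "client": "10.0.0.5", "url": API.geturl(), "size": 412, "sample": b'{"ok":1}'},
    {"ts": 130, "client": "10.0.0.5", "url": "http://download.example.com/blob.bin",
     "size": 1_800_000, "sample": _blob(4096)},
    {"ts": 140, "client": "10.0.0.9", "url": "http://updates.example.com/big.bin",
     "size": 2_000_000, "sample": _blob(4096)},
    {"ts": 160, "client": "10.0.0.5", "url": "http://cdn.example.com/strings.txt",
     "size": 900_000, "sample": b"abcdefgh" * 512},
    {"ts": 900, "client": "10.0.0.5", "url": "http://download.example.com/late.bin",
     "size": 1_800_000, "sample": _blob(4096)},
]
```

High entropy also matches compressed archives and media, so a hit is a triage signal to inspect the payload rather than a verdict.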
Google has been quick to act on the menace, so your apps are currently in safe custody. “We’ve taken action on these apps in Play, and automatically secured previously downloaded versions of them as well. We appreciate contributions from the research community that help keep Android safe,” a Google spokesperson wrote by email.