How Secure Is The Google Play Store?

By d‘wise one, published in Chip-Monks, Apr 5, 2016

Google’s Light-Touch Review protocol may be doing more harm than good.

Quick answer — not very.

And manufacturers don’t have anything to do with that, before you go down that path.

This fallibility falls squarely on Google’s side of the fence.

Obviously, you’ll already know that the Google Play Store serves as the official app store for all Android smartphones, tablets and other peripheral devices (like Chromecast, Android TV etc.).

It has more than 1.6 million apps, developed using the proprietary Android SDK.
Once an app is designed, the developer(s) submit it to the Play Store, where it supposedly goes through a ‘light-touch review’ process and (almost always, we guess) gets published.

The App Review process, which uses algorithms and an internal team of human reviewers, was developed in March 2015, after some apps were found violating Google’s policies. This was clearly very late, as the app store has been in existence since 2008 (first as Android Market, until 2012, when the Google Play Store replaced it).

However, in reality, most apps are published instantly without robust scrutiny as a trade-off between security and speed.

Recent instances have come to light that are making informed Android users a bit hesitant about the security and privacy of the Store. Apps that ordinarily should have been culled in the review process have nevertheless found their way onto the Store’s (virtual) shelf.

Pashto Afghan News — Alemarah, a Taliban app, was reportedly allowed onto the Play Store in spite of featuring the terrorist group’s videos and statements.
The app was originally traced by the U.S. based intelligence agency SITE Intel Group, tasked with tracking online terrorist activities.

The app’s open existence speaks to the total failure of the App Review process.

Google Play Store’s published policies do not allow “apps that depict or facilitate gratuitous violence or other dangerous activities”, and a Taliban app possibly hints at being a communications medium rather than a tool for documenting terrorist attacks or guiding users through instructions on how to carry one out.
While there is an ISIS app existing in the Play Store, which is a simple messaging app and doesn’t seem to harm people, the Taliban app was believed to serve other motives, and that is the predominant reason why Google has removed the app from the Play Store citing the reason as “technical issues”.

On the withdrawal of the Taliban app from the Play Store, a Google Play spokesperson responded saying, “While we don’t comment on specific apps, we can confirm that we remove apps from Google Play that violate our policies”.

Well it’s not just the Taliban app!

Reportedly, some Russian security researchers have found Trojans with malware and spyware capabilities in over a hundred Android apps freely available on the Google Play Store.

Hold your heart — these apps have already been downloaded over 3.2 million times!

Dr. Web, an antivirus software firm, has tracked down a threatening piece of malware called Android.Spy.277, which is capable of cloning the original (authentic) apps available on a user’s device and hijacking them.
After the replication is completed, the app, instead of carrying out its regular activities, begins to fetch the user’s private data, including the device’s IMEI code, the SIM card registered to the device, the user’s geographical location and the user’s linked accounts.
The nasty malware can affect apps ranging from video players to games, health, wallpaper and social networking apps including instant messaging service apps.

That’s not all. When the user clicks on the cloned version of the app, the malware immediately fetches the user’s information and sends it to the hackers’ command and control (C&C) server, where the information is stored. The C&C server then instructs the cloned app to do unusual things, such as popping up ads in the notification bar, or creating shortcuts to links and placing them on the device’s home screen.
The shortcuts direct the user to malicious websites on the smartphone’s browser or the Play Store. By persuading the user that the smartphone is not functioning properly, the cloned app suggests that the user download another malware-laden app that will fix the issue faced by the user.
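A defender-side check for the behaviour described above, as an added example that is not from the original article or from Dr. Web: it reads a decoded AndroidManifest.xml and flags apps that can reach the network while also requesting access to the data categories and the shortcut creation named above. The permission-to-behaviour mapping, the threshold and the sample manifests are assumptions constructed for illustration; the article does not say which permissions Android.Spy.277 requests.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"

# Assumed mapping (not from the article): permission -> capability described above.
CAPABILITIES = {
    "android.permission.READ_PHONE_STATE": "device IMEI and SIM details",
    "android.permission.ACCESS_FINE_LOCATION": "geographical location",
    "android.permission.ACCESS_COARSE_LOCATION": "geographical location",
    "android.permission.GET_ACCOUNTS": "linked accounts",
    "com.android.launcher.permission.INSTALL_SHORTCUT": "home-screen shortcuts",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for node in root.iter():
        if node.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def review_manifest(manifest_xml, threshold=3):
    """Flag apps that can both collect several data categories and send them out."""
    perms = requested_permissions(manifest_xml)
    found = sorted({CAPABILITIES[p] for p in perms if p in CAPABILITIES})
    can_exfiltrate = INTERNET in perms  # no network access, no upload to a server
    return {"capabilities": found,
            "needs_review": can_exfiltrate and len(found) >= threshold}

def _manifest(package, perms):
    """Build a constructed sample manifest for the demonstration."""
    lines = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, lines))

# Constructed samples: a wallpaper app asking for far more than it needs,
# and a weather app with a plausible, narrow permission set.
WALLPAPER_APP = _manifest("com.example.wallpaper", [
    INTERNET, "android.permission.READ_PHONE_STATE",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.GET_ACCOUNTS",
    "com.android.launcher.permission.INSTALL_SHORTCUT"])
WEATHER_APP = _manifest("com.example.weather", [
    INTERNET, "android.permission.ACCESS_COARSE_LOCATION"])

if __name__ == "__main__":
    for sample in (WALLPAPER_APP, WEATHER_APP):
        print(review_manifest(sample))
```

A flag here means the permission set deserves a closer look for the app's category, not that the app is malicious.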

Instances like overheating and battery damage are the common threats in the affected devices. When the user tries to get rid of the cloned app, the malware Android.Spy.277 installs another app onto the device that will continue to damage the device as the initially cloned app did.

The circle never ends.

These were some examples of serious threats. While most are malware that results in increased Internet traffic, which translates to increased data usage costs borne by the user, others can clearly be more destructive or harmful.

There is a solution though, thankfully.

Affected users can download the Dr. Web Android app, which will safeguard the device against the malware.

Another one, Android.Locker ransomware, can be used in safe mode to protect the device against the malware.

In 2014, Google had published a study, “Android Security 2014 Year in Review”, which highlighted that under 1% of Android devices had potentially harmful apps installed in 2014, while an independent study on the same subject by Lookout, a mobile security firm, puts the figure for Android users affected in the U.S. during the same time in the neighborhood of 7%!

Quick Heal Technologies Ltd, an IT security solutions provider, pointed out that Android malware had increased by 300% between 2011 and 2014!

For each of you out there, while you anticipate and hope for the Play Store to be a secure sanctuary, I hope this (rather) long read has helped widen your eyes somewhat.

Please be careful out there, and only download stuff that you’re sure of and that is from reputed App Developers. It might be a good idea to read up on the Internet before you download from the Store. Last, please… don’t download .APK files from websites… rely on the Play Store.

You’re safer there.. relatively.

Originally published at Chip-Monks.
