Page Loader
Google removes deceptive giveaway apps from Play Store

Google removes deceptive giveaway apps from Play Store

Aug 31, 2020
01:23 am

What's the story

Despite Google's strict review and removal practices, malicious apps have been making their way to the Play Store. In the latest case of this slip-through, the internet giant has had to remove a number of apps that promised rewards and gifts but actually delivered ad malware to the user. Here's all you need to know about it.

Details

Apps connected to ad fraud botnet

The apps that have been removed were uploaded by Terracotta, an ad fraud botnet that used advanced techniques to avoid detection on the Play Store. It was discovered by the Satori mobile security team at White Ops - a security firm specializing in identifying bot behavior - in late 2019 and has kept them on their radar ever since.

Behavior

Terracotta apps promised rewards

According to White Ops' researchers, the apps uploaded by the botnet in question promised free rewards for downloaders, including things like free sneakers, shoes, boots, tickets, coupons, and expensive dental benefits. The deal was pretty simple: install the app and keep it on your phone for at least two weeks to win the promised rewards.

Revenue

But, they ran ads, generated revenue

As the users kept the apps on their phones to win the rewards, they ran ads to generate fake impressions and revenue from advertisers. Specifically, the programs downloaded and launched a modified version of WebView, without the knowledge of the user, to run the ads. This drained their battery and data for at least two weeks - with no reward in return.

Impact

Over two billion ads loaded in a week

While it is not exactly clear which apps spread this botnet malware or how many phones were impacted, White Ops researchers have indicated that it operated on a pretty large scale. They say that in the last week of June alone, the botnet loaded more than two billion ads on as many as 65,000 devices. So, one can imagine the scale since last year.

Removal

For now, Google has removed ad fraud apps

That said, for now, the fraudulent Terracotta apps have been removed from Play Store and disabled from the devices that had them installed. A Google spokesperson said, "Their (White Ops) critical findings helped us connect the case to a previously-found set of mobile apps and to identify additional bad apps. This allowed us to move quickly to protect users, advertisers, and the broader ecosystem."