Google removes deceptive giveaway apps from Play Store
What's the story
Despite Google's strict review and removal practices, malicious apps have been making their way to the Play Store. In the latest case of this slip-through, the internet giant has had to remove a number of apps that promised rewards and gifts but actually delivered ad malware to the user. Here's all you need to know about it.
Details
Apps connected to ad fraud botnet
The apps that have been removed were uploaded by Terracotta, an ad fraud botnet that used advanced techniques to avoid detection on the Play Store. It was discovered by the Satori mobile security team at White Ops - a security firm specializing in identifying bot behavior - in late 2019 and has kept them on their radar ever since.
Behavior
Terracotta apps promised rewards
According to White Ops' researchers, the apps uploaded by the botnet in question promised free rewards for downloaders, including things like free sneakers, shoes, boots, tickets, coupons, and expensive dental benefits. The deal was pretty simple: install the app and keep it on your phone for at least two weeks to win the promised rewards.
Revenue
But, they ran ads, generated revenue
As the users kept the apps on their phones to win the rewards, they ran ads to generate fake impressions and revenue from advertisers. Specifically, the programs downloaded and launched a modified version of WebView, without the knowledge of the user, to run the ads. This drained their battery and data for at least two weeks - with no reward in return.
Impact
Over two billion ads loaded in a week
While it is not exactly clear which apps spread this botnet malware or how many phones were impacted, White Ops researchers have indicated that it operated on a pretty large scale. They say that in the last week of June alone, the botnet loaded more than two billion ads on as many as 65,000 devices. So, one can imagine the scale since last year.
Removal
For now, Google has removed ad fraud apps
That said, for now, the fraudulent Terracotta apps have been removed from Play Store and disabled from the devices that had them installed. A Google spokesperson said, "Their (White Ops) critical findings helped us connect the case to a previously-found set of mobile apps and to identify additional bad apps. This allowed us to move quickly to protect users, advertisers, and the broader ecosystem."