By Jon Fingas, Engadget
Google still has to deal with malicious Android apps slipping through the cracks despite improvements in its screening technology, and some of the offenders are worse than others. Case in point: the company recently pulled 29 camera and photo apps from the Play Store after it became clear they were meant to push intrusive ads, scam users and even steal content. Multiple apps will push full-screen ads, including porn, and some will use the opportunity to run phishing scams that steal your personal info under the guise of contests. Another group of camera apps were ostensibly meant to beautify your photos, but really just stole the uploaded pictures and gave users a fake update prompt.
The apps went out of their way to disguise their malicious nature. They'd use multiple compression archives (aka packers) to prevent analysis, and layer on thick encryption for their remote servers. Users would also have trouble removing them, to boot. They'd hide from the standard app ilst (you couldn't just drag them out to delete them), and would make sure they weren't linked to the ads.
This wouldn't be as much of an issue if it weren't that the apps were popular before Google removed them. All told, 11 of the apps had been downloaded over 100,000 times, and three of those over a million times -- that's a lot of victims. Unless Google can find a way to catch these apps sooner, it may be up to users to keep an eye out for suspicious apps.
