Trend Micro recently found 85 adware-laden Android apps on the Google Play Store. According to the company, majority of the apps that were discovered were found to be disguised as photography and gaming apps and were downloaded over 8 million times.
All the 85 adware-laden apps were removed from the Play Store soon after Trend Micro reported its findings to Google. Super Selfie, Cos Camera, Pop Camera, and One Stroke Line Puzzle were the most popular among the 85 apps that were discovered by Trend Micro as being adware-infected. All four apps were downloaded over a million times each. A list of all the 85 removed apps can be found here.
In most cases, the apps in question posed as games or photography apps. Their removal was triggered after Trend Micro security researchers sent the results of their recent adware investigation to Google.
So, what are the “unique techniques” that this adware used to avoid immediate deletion? “Every time the user unlocks the device, the adware will perform several checks before it executes its routines,” Trend Micro writes. “It first compares the current time (the device’s system time) with the timestamp stored as installTime it then compares the current network time (queried via a RESTful API) with the timestamp stored as networkInstallTime.”
Apparently, these checks allow a malicious app to determine when it’s “safe” to begin displaying ads to users. The default time gap is 30 minutes, but that number can vary. Not only does this tactic reduce the risk of manual app removal or virus scans (by the user), but it also helps them evade any “time-based detection techniques” built in to Android.
There’s some good news, though: anyone who downloaded these risky apps is probably in the clear, as long as their device was running the latest version of Android. Trend Micro says this adware only seems to affect devices that are still on Android 8.0 or older, as newer versions of Android will display a confirmation dialogue box before the apps can execute their shady tasks.
Alternatively, you could simply avoid downloading any apps that you don’t trust. The tricky part of this scenario, though, is that many of these apps had fairly good reviews on the surface. Though these reviews were almost certainly faked, that could be enough to hook a casual user. That’s why it’s always important to read the reviews themselves before purchasing a product or downloading an app.
