Level 30
Feb 4, 2016
Operating System
Windows 8.1
Google has removed 36 Android apps that snuck into the official Play Store, posing as security and performance boosting apps, but which only contained code to mimic the behavior of such apps.

In reality, these applications contained code that focused on showing fake security alerts, displaying intrusive ads, and secretly collecting troves of personal data.

The existence of these apps came to light today, after Trend Micro researcher Lorin Wu published a report about their abusive behavior.

Wu says he spotted the apps in December and worked with Google to remove them from the Play Store.

Malicious apps spammed users with fake security alerts
The researcher says the apps were empty shells. They showed fake alerts in the notifications bar, that when opened would show a misleading animation meant to trick users into thinking the app was fixing the security issue or some sort of performance snag.

But according to Wu, the apps were downloading and showing intrusive ads whenever the user clicked on these notifications.

Hence, the reason why the malicious apps tended to show alerts at regular intervals in an attempt to maximize their monetization opportunity and before users realized the apps were more annoying than useful.
Apps also collected user details
Besides the adware behavior, Wu says the apps also collected lots of sensitive information from the devices they were installed on. The breadth of collected info includes OS details, hardware specs, geolocation details, details on other apps, and so on.

Some apps contained a long-winded EULA agreement in which app authors disclosed their intrusive data collection practices, but Wu says the collected data was "unrelated to the functionality of the app."

This may have also been the reason why Google intervened and removed the apps from the Play Store. Wu published a list of all the apps that featured the intrusive behavior.