Aggressive adware affecting Android apps on the Google Play Store

Avast discovered 50 adware apps on the Google Play Store using Avast’s mobile threat intelligence platform. The installations of the apps range from 5K to 5M. The adware can be very annoying as it continuously displays full-screen ads, and eventually tries to convince the user to install further apps. To know more about adware you can contact Avast customer service.

Google Play Store

The adware applications are linked together by the use of third-party Android libraries which bypass the background service restrictions. Some applications in the libraries keep displaying more and more ads to the user, which is against Play Store rules.

Avast support conducted research, in which it is found that the adware was installed 30 million times before being removed from Google Play Store. Avast has cooperated with Google, and all of the samples were removed from the Play Store a few days back.

Avast found two versions of adware on the Play Store so far, all linked together by the same code. Below is the description for both of them.

Version A

Version A, the oldest version of adware was installed 3.6 million times. The apps containing the adware were simple fitness, games, and photo editing apps. Version A was most often installed in India, Indonesia, Pakistan, Philippines, Bangladesh, and Nepal.

Most of the apps containing version A appear to work as advertised in the Google Play pages but come with a nasty, extra surprise including shortcuts to the apps and full-screen ads are shown to the user when they turn the screen on. In some types of version A, ads are also shown periodically when the user is using the device.

Version B

Version B, the second oldest version of adware was installed nearly 28 million times. The adware was included in fitness as well as music apps. Version B was most often installed in the Philippines, India, Indonesia, Nepal, Malaysia, Brazil, and Great Britain. The developers of the adware version B put a little more effort into it, as it appears newer and its code is better protected.

This adware is only triggered if the user installs the app by clicking on a Facebook ad. The application can detect this using a Facebook SDK feature called “deferred deep linking” in technical term. It only shows ads within the first four hours of the app being installed and then much less frequently.

Version B doesn’t seem to work on Android version 8.0 and above because of changes in the background service management in these newer Android versions. However, nearly 80% of devices are still running older Android versions.

Tips to avoid adware

  1. Install a trustworthy antivirus app- Antivirus acts as a safety net and can protect you from adware, malware, etc.
  2. Be cautious while downloading apps– You must read app reviews before installing a new app, carefully reading both positive and negative reviews.

If an app’s review includes comments like “this app doesn’t do what it promises” or “this app is packed with adware,” – think twice before downloading the app.

  1. Always check app permissions carefully– closely look to see if they make sense. Granting incorrect permissions can send sensitive data to cybercriminals, including information such as contacts stored on the device, media files, and personal chats.

If anything seems unusual or inappropriate, the app should not be downloaded.

To know more about services provided by Avast and to resolve technical issues, www.avast.com/support is always there to help.

Leave a Reply