For the majority of people Google Play is their first stop when looking for new apps to download on their Chromebook or Android devices, and with good reason. This is Google’s official app store, almost all apps are available through it, and you might think that you are completely protected from downloading malware and fake apps.
Unfortunately, Google Play is not 100 percent secure. As we will learn below, there have been several instances where malware has been distributed through Google Play to millions of devices without either users or Google knowing about it until it was too late.
But there is good news too! Google Play has security measures in place to combat malicious apps, and while malware is evolving rapidly, there are others you can take on your own to prevent Google Play viruses from infecting your phone or other device.
Google Play Malware
By default, Android devices are protected from «disk-boots» or malicious code that is downloaded to your device without your consent. If you not change security settings manually you will always be notified before downloading or installing any new software, and you will only be able to download «known» apps from Google Play. In other words, the only way to get a virus on your Android device is to voluntarily download it.
Unfortunately, cybercriminals have become very creative when it comes to hiding malware inside seemingly harmless apps and uploading them to Google Play. Once the app is available on the official app store, millions of users will have no problem assuming it’s safe and downloading it without a second thought.
Here are just a few examples of malware on Google Play:
- In 2019 ESET research identified dozens of adware on Google Play, many of which have been detected for over a year.
- In 2018 Forbes reported that half a million Android users have downloaded a virus disguised as a racing game from Google Play.
- In 2017 Check Point Software Technologies discovered an Android virus that charged users for fraudulent text messages hidden in 50 apps. The infected apps were downloaded a total of 21.1 million times before Google removed them.
- Also in 2017, a fake Appendix whatsapp so similar to the real thing that it was downloaded a million times before anyone noticed it. He showed Google Play as an update to WhatsApp, but in fact installed a hidden application that made money by displaying ads.
How often do viruses appear on Google Play, it should be noted that there are lots of antivirus applications. It may seem like Google Play is riddled with malware, but the truth is that only a small fraction of the apps you can download through Google Play are actually harmful.
Compared to Apple’s App Store, Google Play’s reputation for malware is not that great, mainly because Google and Apple have very different approaches to apps. Learn about viruses on iPhone for more information.
What can infected applications do?
Malware can do a lot of damage. Some of them are admittedly less harmful than others, but it’s important to know how serious Google Play malware can be.
Here are just a few examples of what a virus can do to your Android phone, tablet, or other device:
- Show pop-up ads that bring money to the developer.
- Find your email addresses and phone number.
- Extract details from your contact list.
- Find your GPS coordinates.
- Steal messages.
- Copy your passwords and login to your accounts remotely.
- My cryptocurrency on your device and send the funds back to the developer.
- Use SMS tricks to make you pay for services you didn’t ask for.
- Redirect browser pages to fake login screens and advertising sites.
- Open your device to new attacks in the future.
How Google Play fights malware
We know that malware makes its way through the app store, and we know the damage it can cause if installed. The good news is that Google is not leaving us.
Google started taking malware seriously in its app store in 2012 with the release of a security feature bouncer . Bouncer will scan the Android Market (now called Google Play) for malware and eliminate suspicious apps before they can reach users. In the year it was released, the number of infectious apps in the mobile store dropped by 40 percent, but security experts quickly discovered flaws in the system, and cybercriminals learned how to mask their malicious apps to undermine Bouncer.
Google later introduced a built-in malware scanner for Android devices called Google Play Protect . While it scans over 50 billion apps every day, it’s not always efficient. In comparative studies of various antivirus programs, Google Play Protect consistently ranks last.
Finally, in 2016, a human application analysis process was introduced, and started in 2019 deeper app reviews for developers who do not yet have experience with Google. But even with Google’s consistent attempts to thwart malware attempts made through Google Play, there will always be programmers who will find a way out.
Bad actors are constantly finding new ways to evade Google’s anti-malware measures. They may have encrypted code until the app is published, or use similar names as authentic apps to fool the approval process.
It’s a never ending battle between Google releasing security improvements to plug existing vulnerabilities and malicious programmers learning how to bypass those changes. Google’s attempts work, but not forever.
How to determine that you have downloaded a virus from Google Play?
There are several ways to detect malware on your Android device:
- Everything is suddenly much slower.
- You see ads you’ve never seen before, especially in strange places.
- The battery runs out quickly.
- You are experiencing strange screen redirects or overlays that you have never experienced before.
- Google Play has a download button for an app you already know about.
- Applications that you cannot recognize are installed on your device.
- You have recently been the victim of identity theft or strange accusations.
- The app is asking for a lot of unnecessary permissions.
However, it is not always immediately obvious that the application you downloaded is malicious. In fact, cybercriminals rely on ignorance to steal your data. After all, you haven’t made any changes to your security settings and only downloaded a few apps, so you may not have reason to think you have a virus or fake app.