Wednesday, June 26, 2019

Over 2,000 fake apps on Google Play Store: Study

Anam.Ajmal@timesgroup.com

New Delhi: 26.6.2019

There are at least 2,040 counterfeit apps on Google Play Store, shows a two-year study by the University of Sydney and CSIRO’s Data61. They include fake versions of wildly popular games such as Temple Run, Free Flow and Hill Climb Racing.

The study investigated around 1.2 million apps on Google Play Store, available on Android operating systems, and identified a set of potential counterfeits for the top 10,000 apps.

Counterfeit apps impersonate existing popular apps and attempt to misguide users. “Many counterfeits can be identified once installed, however even a tech-savvy user may struggle to detect them before installation,” the study says. It also points out that fake apps are often used by hackers to steal user data or infect a device with malware. “Installing counterfeit apps can lead to a hacker accessing personal data and can have serious consequences such as financial losses or identity theft,” reads a blog post by the university.

A Google spokesperson, in response to a TOI email, said, “When we find that an app has violated our policies, we remove it from Google Play. We want users to be safe online and we work hard to help protect them.”

“Under conservative assumptions, we were able to find 2,040 potential counterfeits that contain malware in a set of 49,608 apps that showed high similarity to one of the top 10,000 popular apps in Google Play,” says the study.

“We also find 1,565 potential counterfeits asking for at least five additional dangerous permissions than the original app and 1,407 potential counterfeits having at least five extra third party advertisement libraries,” reads the paper.

One of the research team members, Suranga Seneviratne, a faculty member at the University of Sydney, told TOI that fake apps are common in app markets and are hard to contain. “In an open app ecosystem like Google Play the barrier to entry is low so it’s relatively easy for fake apps to infiltrate the market, leaving users at risk of being hacked,” Suranga said.

The Sydney university blog also suggests that users can protect themselves from the malware-laden apps by reading the app description and checking metadata. “...check the available metadata, such as the developer information, number of downloads, release date, and user reviews before any installation. For example, a Facebook app with only 100,000 downloads would be an immediate red flag as the authentic Facebook app would instead have billions of downloads.”

Google has also acknowledged the problem of “malicious apps and developers” in a blog post by Google Play Product Manager Andrew Ahn on February 13, 2019.

“(We have) stopped more malicious apps from entering the Google Play Store than ever before. The number of rejected app submissions increased by more than 55%, and we increased app suspensions by more than 66%. These increases can be attributed to our continued efforts to tighten policies to reduce the number of harmful apps on the Play Store, as well as our investments in automated protections and human review processes that play critical roles in identifying and enforcing on bad apps.”

According to Suranga, “removing these apps is the first step. However, enhanced scrutiny and automated vetting must happen during to the publication process so that these apps do enter the app market at all.”

