Despite filtering, Play Store lets malicious apps for Android phones through


Google says that the rate of Android devices with a malicious application installed has been falling year after year, and that more and more applications are blocked before they reach the Play Store, according to company reports.

But Google’s official store faces problems unparalleled among its competitors Microsoft and Apple. In recent months, highly sophisticated programs for bank account theft have slipped past the protection and been published in the Play Store.

These programs use Android’s accessibility features to read what is being displayed on the screen and cover it with a fake screen, so that whatever the user types is received by a criminal.

In addition to the harmful behavior, what stands out most in these applications, according to experts from Eset and Diebold Nixdorf, the companies that found them, is the clear intention to deceive.

They used names that alluded to WhatsApp (like “Whatsfound” and “WhatsApp Update”) and their colors and icons were also chosen to confuse. When they were run, the applications did not provide the “service” they offered.


Anyone well trained to screen applications would have barred the registration of such programs. According to Google, humans are part of the various filters in the Play Store, but the company does not explain what these humans do or how they act.

Contacted by the blog, Google said only that it works to provide a secure platform, without specifying how this is done.

What is more concretely known – according to the company’s own security reports – is that the company uses a kind of artificial intelligence trained to detect suspicious applications.

Google vs. Apple

In the Play Store, the rules for approving an app are much looser than those of rival Apple.

The iPhone maker requires applications to follow design standards and provide full and meaningful functionality. Several points verified by Apple require a human tester.

Apple, on the other hand, does not disclose the number of applications it rejects, but it is difficult to argue that the absence of malicious items in the App Store is purely down to a lack of interest from hackers.

The difference in store size is not so great: while Apple has about 2.1 million apps, the Play Store has 2.6 million.

And while Android has more than 70 percent of the world market, Apple accounts for nearly half of the share in some high-end markets (which are therefore attractive to hackers) such as the US and Japan.

This is also reflected in store revenue. In 2018, the App Store had nearly double the revenue of its Google rival, according to SensorTower estimates.

1 million barred

According to Google, the Play Store filters barred more than 700,000 applications in 2017. In 2018, that number was reportedly 55 percent higher. The company does not provide the exact figure, but a simple calculation indicates that it would have been at least 1.08 million.

While this amount seems to justify automated filtering, that coin has another side.

Many of these submissions certainly come from criminals studying Google’s filters to find out what gets through and what does not. If they were sure that malicious apps would not get around the filters, they would not waste time submitting them at all. It is probably this phenomenon that benefits Apple.

Remember that signing up to publish an app on the Play Store is not free. Google charges a fee of $ 25 (approx. $ 93) to approve a developer registration. But Apple’s fee is 4 times higher: $ 99 (about $ 370).

The question Google should ask itself is whether it is worth keeping the fee so low and subjecting Android users to unnecessary risk and applications of highly dubious quality.

More limited programs

Because it cannot prevent malicious and questionable applications from appearing in the Play Store, the company has imposed increasing limitations on developers, affecting all applications, whether legitimate or not.

The most recent measure, announced last October and expected to take effect in the coming months, will prevent most applications from requesting information about incoming calls and SMS text messages.

This should affect a number of applications, making certain features that have worked for years unfeasible. It may also put an end to some conveniences, such as automatically filling in authorization codes received by SMS.

After receiving hundreds of complaints, Google finally approved one of the affected applications, Tasker, to obtain this data. It has more than 1 million downloads and a rating of 4.6 in the Play Store.

Exceptions like this are few, and most applications will need to be resubmitted to the Play Store without the permission request for phone data and text messages.
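The two signals discussed in this article, an accessibility service and requests for SMS or call data, are both visible in an app's manifest once it has been decoded to text. The sketch below is an added example, not code from Google, Eset or Diebold Nixdorf; the permission list is an assumption about what the restriction covers, and the sample manifest, package name and service name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumption: the SMS and call-log permissions covered by the restriction.
SMS_CALL_LOG = {"android.permission." + p for p in (
    "READ_SMS", "RECEIVE_SMS", "SEND_SMS", "WRITE_SMS", "RECEIVE_MMS",
    "RECEIVE_WAP_PUSH", "READ_CALL_LOG", "WRITE_CALL_LOG",
    "PROCESS_OUTGOING_CALLS")}
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def audit_manifest(xml_text):
    """Return the findings a reviewer would want for one decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID + "name")
                 for tag in ("uses-permission", "uses-permission-sdk-23")
                 for el in root.iter(tag)}
    sms_call = sorted(requested & SMS_CALL_LOG)
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    a11y = sorted(s.get(ANDROID + "name", "?") for s in root.iter("service")
                  if s.get(ANDROID + "permission") == A11Y_BIND)
    return {"package": root.get("package"),
            "sms_call_log": sms_call,
            "accessibility_services": a11y,
            "needs_review": bool(sms_call or a11y)}

# Constructed sample: hypothetical package and service names.
SAMPLE = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.updater">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".ScreenHelper"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
""".strip()

if __name__ == "__main__":
    print(audit_manifest(SAMPLE))
```

A hit means the app deserves a human look, not that it is malicious: legitimate tools such as automation apps declare the same things.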

Double-edged sword

The advantage of this is obvious: many malicious applications read this information, especially text messages. By increasing restrictions, Google reduces the negative impact of its filter errors.

This kind of decision shows that Android’s main pillar and differentiator over Apple’s iOS, which is its openness and dynamism, is clashing with concerns about privacy and security.

Applications made unviable by this decision are likely to be obtained by users outside the Play Store, encouraging behavior that Google’s own reports point to as dangerous.

