back to article Google screening missed hundreds of malicious Android apps, researchers say

Malicious apps that have breached Google's defences and made it onto the Play store have netted 1.2 million victims, often hijacking phones to place fraudulent clicks on pornography sites. ESET researcher Peter Stancik says his team found some 343 malicious Android applications that were uploaded to the official Google Play …

  1. Grikath

    hmmm....

    "Each app has been downloaded an average of 3600 times."

    No they haven't.. A bit of looking further in the original article, and finding the actual list of trojans and apps shows that the'"average" is skewed by only a few really successful campaigns ( [popular game title] + "free" will attract a guaranteed number of idiots.. Quite often repeat idiots.. ), but most have download numbers in the 10's and at best 100's.

    That's an awfully low success rate..

    It does surprise me that the "[popular/major game title] + free " names don't immediately cause red flags to be waved though... That trick is as old as well... Ugh! the Caveman.

    1. SuccessCase

      Re: hmmm....

      Most people default to using mean average not median

      1. Someone_Somewhere

        Re: hmmm....

        For any given set of values, the mean and median are identical.

        Your thinking was possibly influenced by subconscious reference to the modal value?

        1. cbars Bronze badge

          Re: hmmm....

          Interesting...

          1,2,3,20,23,24

          Mean: 12.17 (2dp)

          Median: 11.5

          1. Someone_Somewhere

            Re: hmmm....

            You're absolutely correct - I forgot about taking the mean of the central values for even numbered value pools.

            I shall fetch my coat forthwith.

            Have an upvote.

            As you were :)

  2. Anonymous Coward
    Anonymous Coward

    How meticulous have the third parties been in dismantling the code to see how it works? It could be that the malware writers have the upper hand because they've figured out a way for the app to distinguish between running in Bouncer and running in an actual phone. Or perhaps it uses a sleeper trigger so that it waits until after a certain date to trigger (so it never triggers during the Bouncer test). You get the point; the malware writers may be able to write apps to game the Bouncer test.

  3. a_yank_lurker

    Question

    Is there any common thread for these apps such as games? More interested in a common pattern that one could use to spot them.

    I am not surprised some malicious apps get through. No system is 100% perfect.

  4. Alumoi Silver badge
    Mushroom

    You've missed the central problem here. It's not that they trick Google's defence or incumber high data traffice for the idiots. Ladies and gentlemen, here's the real reason:

    “After installation, they generate fake clicks on advertisements to generate revenue for their operators, robbing advertisers and harming advertising platforms.”

    It interferes with advertisers God given right to make money! How dare they, scummy malware writers, compete with us!

    1. Anonymous Coward
      Anonymous Coward

      Well, if you advertise on porn sites, you can't really rely on the high ethical standards of the site owners... there's something interesting that advertiser on sites making money from exploiting people are exploited themselves - through the help of worshippers of Google's favourite marketing term, "free".

      And Google itself doesn't disdain to make money from some illegal transaction - see illegal drig sales... maybe there's a reason why it doesn't spot those apps so quickly, even after assimilating VirusTotal?

  5. Anonymous Coward
    Anonymous Coward

    Planting fraudulent clicks on porn sites

    Oh noes!

    So basically you're telling me these evil apps are helping destroy the value of web advertising by feeding bogus clicks? Biting the hand of the Googly ad monster?

    Sorry, but that doesn't meet my definition of malicious. Heck, where do I sign up to download one of these on my iPhone? I'll disable it from using cellular data, but as far as I'm concerned while I'm sleeping it can feed bogus clicks over my wifi all night long. You don't even have to pay me, I'd consider this a public service!

  6. Doctor_Wibble
    Trollface

    Don't trust those non-official sources

    Don't forget, you can't trust anything from anywhere other than the sacred app store because all those unofficial places are wretched hives of scum and villainy, and I am eternally grateful to our googly overlords for this warning and providing us a guaranteed safe haven to enable us to satisfy our need for exciting flattened boiled sweet adventures...

  7. Cuddles

    Is that all?

    As of about a year ago, Android had over 1.4 billion users. That makes victims less than 1/1000 of users. A higher proportion believe the Moon landings were faked and that the Queen is a giant lizard. Given the scale of fraud that happens pretty much everywhere, not just on phones, I'd say Google are doing a pretty good job of keeping things secure if that's all that's managing to slip through their screening.

    1. This post has been deleted by its author

    2. Lallabalalla

      Re: Is that all?

      Ok, moon landings were real, obviously. But *everyone knows* the queen is a giant lizard FFS.

    3. Alan Brown Silver badge

      Re: Is that all?

      The queen is not a giant lizard.

      Just look at her. At best she's a not very large lizard.

      on the other hand, Philip......

  8. Lallabalalla

    "Google has not revealed how its Bouncer app-filtering tool works"

    Maybe that's because that might make a little easier to work around it?

    Anyway, open is better, right?

  9. PassiveSmoking

    Robbing advertisers

    "After installation, they generate fake clicks on advertisements to generate revenue for their operators, robbing advertisers and harming advertising platforms"

    So at least there's some good news in this then.

  10. Old Handle

    Doesn't seem that bad really

    343 malicious apps out of well over a million? If that's really all I'd say Google is doing a pretty decent job. Of course it's possible there are still more than ESET didn't spot either,

    1. Dick Pountain

      Re: Doesn't seem that bad really

      "I'd say Google is doing a pretty decent job"

      You might say that, but El Reg can't because it believes Google to be the spawn of Satan and bends its knee towards Cupertino

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like