Just Android things: 150m phones, gadgets installed 'adware-ridden' mobe simulator games Android adware found its way into as many as 150 million devices – after it was stashed inside a large number of those bizarre viral mundane job simulation games, we're told. The so-called Simbad malware was built into mobile gaming titles such as Real Tractor Farming Simulator, Heavy Mountain Bus Simulator 2018, and Snow …
Having seen some of these games aps in action, I am not sure how to differentiate between them and malware. I started to say "other malware", but I guess that some individuals actually want these on their phones and download them willingly unlike the add-ons described in the article. There's no arguing with taste.
I don't wish to root my phone (and even if I did, it borks various apps so I wouldn't) but for anyone else in the same boat, I can recommend the NoRoot Firewall.
Basically it installs as a VPN client and routes all traffic through itself, acting as a proxy, allowing you to turn off access to any app on a granular basis.
And it's free.
It also defaults to blocking (as it should, of course) so a new app needs to be allowed through.
"Google should also take another look at its malware scanning systems. While the Chocolate Factory claims that its AI-powered code checkers booted out 700,000 malicious apps in 2017, it's clear the ad giant is still asleep at the switch."
I have yet to see Google's "Play Protect" flag any dodgy app.
I have logcat logs showing apps taking screenshots of the device in the background as well as the usual full screen ads that play sound and post more ads to the notification screen and much more.
Overlay attacks that trick users into downloading or sharing other apps by placing an X over the top of other buttons.
Apps that attempt to root a device or attempt to run su, chown, chmod on an already rooted device.
And each and every time I see these things on an Android phone Play Protect says everything is OK.
The problem is that users then download some other so-called "security" app to try and remove the adware that just compunds the problems.
The only time an app ever gets booted from the Play Store is when there is media attention.
My Android phone is pretty clean - there are very few apps on it and they're from fairly reliable publishers.
My son's tablet PC, though, is a different matter.
So, given the length of that list and the arcane naming of the apps, is there any obvious way to list the installed apps on the device and check it with that list? My eyeballs don't fancy an old-school eyeball grep today...
Not easily. You're best off installing some kind of checker, and Checkpoint's essentially just touting for business with this report, but basically, you're going to have to educate your son about the dangers of installing just any old shit; you know a "don't go with strangers" talk. Note, it's not just games, anything that promises something for nothing is likely to be suspicious.
BTW. 150 million sounds a lot but given the installed base, and the way the numbers were calculated, it's not that significant. Checkpoint has form in the area and regularly releases reports like this.
In answer to my own question, with my phone (developer mode enabled) connected to my Linux PC by USB, I can grab the list into a text file (bad-andoid-packages.txt) and then
for PKG in `adb -d shell pm list packages`; do grep $PKG bad-android-packages.txt; done
which should spot any matches.
So now all I need to do is get the tablet unlocked and developer-mode-enabled, and it should be easy...
Certainly easier than watching over his shoulder every minute to spot him installing stuff he shouldn't, although I do try ...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
