47 Android apps on the Google Play Store have adware that just won’t go away

Google may be taking its fight against malicious applications very seriously by scanning over 50 billion applications on its app store on a daily basis but it is far from winning the fight.

Researchers at SophosLabs recently uncovered 47 applications that been collectively downloaded over 6 million times that have a recurrent type of adware.

Adware, short for ad-supported software is not evil per se. It is a legitimate way for software developers to make some money off products that they are giving away to end users for free. Adware refers to advertisements that can be found in a system as a result of one installing some software. Like when you install an app and then you start seeing some ads either in the app or elsewhere within your system. At best, adware can just be irritating. However, like everything else affiliated with computing systems, adware can be exploited and used for all the wrong reasons.

It is the latter that users of the 47 Android apps identified by SophosLabs researchers are at risk of.

The adware, identified as App/MarsDae-A, runs in apps that are compatible with devices that run software going as far back as Android 2.3, Gingerbread, and as new Android 6.0, Marshmallow.

Package names of the infected apps. Check if an app you have installed is on this list and make take the appropriate action.

“Its primary function is to keep the adware alive even if the user attempts a force close or memory scrub,” reads a post by the SophosLab team on its Naked Security blog.

Users of some of the affected applications have taken to the comments and reviews section of the respective apps to vent their frustration. Some are not even able to uninstall the apps while others see unwanted ads on their device’s lock screens when they are either idle or plugged in, ads that recur even after a user stops the offending app.

The adware is able to do this by running some malicious code within the apps harbouring it that maintains several system processes that ensure it persists even when a user explicitly stops it through the Android settings app.

Last month, SophosLabs uncovered yet another adware, XavirAd, that had infected at least 50 applications found on the Play Store.

It is Sophos’ work, of course, to discover any threats to systems since it is in the business of selling security software, like the mobile app it claims has already been updated to protect users from the threat of this App/MarsDae-A adware. As such, while we should be taking the necessary precautions as users, we should also rest easy knowing that Google is doing the best it can. Even more with the Google Play Protect program (formerly Verify Apps) announced at Google I/O 2017.

“By Q4 2016, fewer than 0.71% of devices had Potentially Harmful Applications (PHAs) installed and for devices that exclusively download apps from Google Play, that number was even smaller at 0.05%,” notes Google in its Android Security 2016 Year in Review report released in March.

“Devices with Google Mobile Services (GMS) are protected straight out of the box by a complete set of endpoint security and antivirus services. This set includes both cloud-based and pre-installed on-device services that use real-time data from the Android ecosystem to understand the security environment. Because Google’s security services generally don’t require firmware or platform-level patches to update, they provide a first line of defense against evolving security threats.”

Emmanuel Chenze

Let's just say I know my stuff. I have 7 years experience handling, tinkering with and then writing extensively about Android stuff. Sometimes it is exciting, sometimes it is not; things can get stale with nothing new to show but I live for each one of those moments. Have something Android-related that you believe I need to have a look at? Hit me up: echenze@androidkenya.com