Screengrabs of some of the malicious apps

Google has removed 36 Android apps that snuck into the official Play Store, posing as security and performance boosting apps, but which only contained code to mimic the behavior of such apps.

In reality, these applications contained code that focused on showing fake security alerts, displaying intrusive ads, and secretly collecting troves of personal data.

The existence of these apps came to light today, after Trend Micro researcher Lorin Wu published a report about their abusive behavior.

Wu says he spotted the apps in December and worked with Google to remove them from the Play Store.

Malicious apps spammed users with fake security alerts

The researcher says the apps were empty shells. They showed fake alerts in the notifications bar, that when opened would show a misleading animation meant to trick users into thinking the app was fixing the security issue or some sort of performance snag.

But according to Wu, the apps were downloading and showing intrusive ads whenever the user clicked on these notifications.

Hence, the reason why the malicious apps tended to show alerts at regular intervals in an attempt to maximize their monetization opportunity and before users realized the apps were more annoying than useful.

Apps avoided running on modern handsets

Besides disguising the "app fixing" process behind a useless animation, these apps contained other clues that convinced Wu that the apps were designed with malicious intent from the start.

For example, the apps wouldn't create shortcut icons on the users' phone, so the user wouldn't be able to easily uninstall it.

Further, the apps did not start malicious behavior on modern smartphone models, mostly because these devices could run Android OS versions with improved security features.

Wu says the source code of these malicious apps contained filters that prevented the apps from running on devices such as Google Nexus 6P, Xiaomi MI 4LTE, ZTE N958St, and LGE LG-H525n.

Apps also collected user details

Besides the adware behavior, Wu says the apps also collected lots of sensitive information from the devices they were installed on. The breadth of collected info includes OS details, hardware specs, geolocation details, details on other apps, and so on.

Some apps contained a long-winded EULA agreement in which app authors disclosed their intrusive data collection practices, but Wu says the collected data was "unrelated to the functionality of the app."

This may have also been the reason why Google intervened and removed the apps from the Play Store. Wu published a list of all the apps that featured the intrusive behavior.

Related Articles:

Android Apps Pretend to Mine Unmineable CryptoCurrencies to Just Show Ads

Google’s Android Apps Are No Longer Free for European Smartphone Makers

Google Accidentally Pushed Internal November 2018 Security Update to Pixel User

Trojanized App In Google Play Steals Bank Customers' Euros

Study of 17,260 Android Apps Doesn't Find Evidence of Secret Spying