Google has just removed 85 problematic apps from the Play Store. This development comes right after security researchers at Trend Micro discovered adware in these apps. Security researchers revealed that most of these apps were disguised as photography apps and games. The surprising part is that more than 8 million users had already downloaded these apps before the discovery. Some of the now-removed popular apps include Super Selfie, Cos Camera, Pop Camera, and One Stroke Line Puzzle.
Details of the adware apps on the Google Play Store
According to a blog post by Trend Micro, researchers revealed that these apps would hide their icon. They would then create a shortcut on the home screen about 30 minutes after installation. This made it difficult for users to uninstall them simply by dragging them to the bin on the home screen. The apps would also use something called Java reflection. This allowed these apps to inspect or modify the behavior of any given app. Once these apps detected that the user had unlocked the smartphone, they would start showing full-screen ads.
These apps only allowed users to close the program after they saw the complete ad. The blog post also revealed that the people behind these apps could remotely change the properties of these apps. For instance, they could change the number of times these apps served ads to the users. Digging deeper, security researchers detected the “AndroidOS_Hidenad.HRXH” adware in these apps.
Researchers noted that “AndroidOS_Hidenad.HRXH” was not like any other regular adware that plagues the internet. The highlights of this adware are difficulty in detection, difficulty in closing the ads, and time-based triggers. Researchers did note that the adware was less likely to be effective on recent Samsung devices. Users with smartphones on Android 8 Oreo or later were also less likely to be impacted. This is because Samsung devices stop any app from making a shortcut on the home screen. Android 8 Oreo-based systems require the app to ask for permission to add a shortcut on the home screen. Such shortcut prompts are more than sufficient to raise suspicion.