Running into malware or dangerous applications is inevitable, given the scale at which the Google Play Store operates. Google has a number of standards in place to prevent fake apps from making their way to the Play Store, but it is virtually impossible to get rid of every one of them.
A group of researchers from the University of Sydney and CSIRO’s Data61 discovered more than 2000 bogus applications, imitating popular apps and games. These two institutions together investigated over one million applications over two years and the results were mind-boggling.
Temple Run and More
The 2040 applications identified as malware or fake included copies of popular games like Temple Run, Free Flow, Hill Climb Racing and some fitness and photo editing apps. These applications either have hidden malware or ask for unnecessary permissions.
Almost all of these applications have more than 100 million downloads, 500 million in the case of Hill Climb Racing. While some of these copied apps are malware, others are just harmless imitations wanting to make quick money using the brand’s name. However, the extra permissions requested by the fake applications give them access to your data, which poses a significant risk.
Dr. Suranga Seneviratne from USyd’s School of Computer Science said:
“Many fake apps appear innocent and legitimate — smartphone users can easily fall victim to app impersonations and even a tech-savvy user may struggle to detect them before installation. In an open app ecosystem like Google Play the barrier to entry is low so it’s relatively easy for fake apps to infiltrate the market, leaving users at risk of being hacked. While Google Play’s success is marked on its flexibility and customizable features that allow almost anyone to build an app, there have been a number of problematic apps that have slipped through the cracks and have bypassed automated vetting processes.”
Machine Learning and Neural Networks
The researchers used neural networks and machine learning to analyze 1 million applications. The algorithm was designed to find text and visual similarity to the 10,000 famous Google Play Store applications.
The algorithm returned about 49,608 threats, of which 2040 were high-risk apps, 7246 were flagged malicious, 1565 requested sensitive permissions and 1407 embedded third-party libraries for ads.
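A simplified screening pass in the same spirit, added here as an illustration and not the researchers' code: it substitutes plain string similarity for their neural networks, skips visual similarity entirely, and reports the extra sensitive permissions a look-alike requests. The developers, packages, permission sets, threshold and the choice of "sensitive" permissions are all assumptions.

```python
import re
from difflib import SequenceMatcher

P = "android.permission."  # prefix of real Android permission names
# Which permissions count as "sensitive" is an assumption made for this example.
SENSITIVE = {P + "READ_CONTACTS", P + "READ_SMS", P + "RECORD_AUDIO"}

# Constructed catalogue: app names come from the article, the rest is made up.
POPULAR = [
    {"name": "Temple Run", "developer": "dev-original-1", "permissions": {P + "INTERNET"}},
    {"name": "Hill Climb Racing", "developer": "dev-original-2", "permissions": {P + "INTERNET"}},
]
# Constructed store listings to screen.
CANDIDATES = [
    {"package": "com.example.templerunn3d", "name": "Temple Runn 3D", "developer": "dev-unknown-9",
     "permissions": {P + "INTERNET", P + "READ_CONTACTS", P + "READ_SMS"}},
    {"package": "com.example.hcr2", "name": "Hill Climb Racing 2", "developer": "dev-original-2",
     "permissions": {P + "INTERNET"}},
    {"package": "com.example.photonotes", "name": "Photo Notes", "developer": "dev-unknown-4",
     "permissions": {P + "CAMERA"}},
]

def normalize(name):
    """Lowercase and drop punctuation/spaces so 'Temple-Run!' equals 'temple run'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def name_similarity(a, b):
    """Similarity in [0, 1] between two normalized app names."""
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def flag_impersonators(candidates, popular, threshold=0.8):
    """Return look-alike listings from a different publisher, with their extra sensitive permissions."""
    findings = []
    for cand in candidates:
        for orig in popular:
            if cand["developer"] == orig["developer"]:
                continue  # same publisher: treat as a sequel or variant, not a copy
            score = name_similarity(cand["name"], orig["name"])
            if score >= threshold:
                extra = (cand["permissions"] - orig["permissions"]) & SENSITIVE
                findings.append({"candidate": cand["package"], "imitates": orig["name"],
                                 "score": round(score, 2), "extra_sensitive": sorted(extra)})
    return findings

if __name__ == "__main__":
    for finding in flag_impersonators(CANDIDATES, POPULAR):
        print(finding)
```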