Adware comes in various forms; some stays quietly on the side of the screen, while other adware aggressively pops up on the main screen, causing a nuisance for users. While the latter may not necessarily be malicious, it can nonetheless inflict a great deal of trouble on the user, especially when the application is as annoying as it is fraudulent.
We recently discovered at least 68 fraudulent apps by five different developers that contain aggressive advertisements on Google Play. We’ve categorized them according to their tricks. These apps promise one thing on the app description page but may not actually provide or perform the functionalities as described. Users who download these fraudulent apps end up only wasting time watching advertisements and not getting what they signed up for.
Huge discrepancies between app content and its description/title
We found a number of apps on Google Play developed by EpicOmegaApps, which may look legitimate at first blush, since these come complete with an app title, description, and screenshots attached.
All 11 apps by this developer were published in December 2017, with each having an installation count ranging from 50 to 50,000. One app named Sim Unlocker promises to unlock SIM cards so users can use any other SIM network operator. Another app, called Remote Mouse Pro, claims it can convert the user’s phone into a wireless mouse.
All these apps manifest identical behaviors upon launching: after users install the apps, they are subjected to a series of guided screens, with advertisements popping up at every single Next button pressed. However, despite the detailed descriptions for the apps, they provide none of the described functionalities.
A quick glance at the app reviews reveals a long list of complaints regarding these apps’ failure to deliver their promised functionalities, not to mention the aggressive advertising behavior.
We’ve seen another developer, called Pinwheel, which published at least 40 identical fraudulent apps. Some of these apps were named after popular games and movies, such as Far Cry and 13 Reasons Why, to entice users to install them.
When launched, these apps show users only an image that’s similar to the Play Store app’s image, with very aggressive advertisement pop-ups. Unbeknownst to the user, the image displayed is not an actual splash screen, but rather a static image.
These apps were uploaded to Google Play in June 2018. As of this writing, the developer appeared to still be uploading such fake apps, which had a total installation count of at least 13,000.
Minimal functionality that doesn’t match the description/title
While the first category lists apps that provide no functionality at all, this one includes apps that provide at least one—however, the functionality is different from what appears in the description.
We found two identical apps developed by Zaybra, localized in the Arabic and English languages. These masquerade as mobile phone number tracker apps, but the only functionality both provide is announcing the phone number of incoming text messages and calls. This behavior is not listed in the Play Store’s description and title. These apps also push aggressive advertisements to users.
The two apps were uploaded to the Play Store between January and May 2018, with total download counts of 11,000.
App content matches the description/title, but no real functionality provided
We also found data recovery apps by Simple Designs Ltd, which were published in May 2018, with a total of 34,000 downloads. These apps have a legitimate-looking user interface, but do not provide the promised functionalities.
These apps deceive users by giving a false impression that they indeed work as described. However, these apps do not actually recover any data. Rather, they just display the data that still exists on the user’s device. Aside from this fraudulent behavior, these apps also push advertisements to users every few seconds.
We’ve found other developers, such as AppTchi and Zaybra, that trick users into thinking that their apps work as described, while displaying advertisements aggressively.
Two apps by these developers, which were uploaded around March and April 2018 and have a total installation count of 11,000, claimed to recover deleted data. To give users the impression that they functioned properly, the apps, which are localized in the Arabic language, used a fake progress bar and a fake notification which were purely aesthetic.
We reported all the apps discussed in this blog to Google in July 2018. Some of the apps have been removed, while the rest are still available on the Play Store.
Symantec and Norton products detect these apps as:
Stay protected from mobile risks and malware by taking these precautions:
- Keep your software up to date
- Do not download apps from unfamiliar sites
- Only install apps from trusted sources
- Pay close attention to the permissions requested by apps
- Install a suitable mobile security app, such as Norton or Symantec Endpoint Protection Mobile, to protect your device and data
- Make frequent backups of important data