Posted: 4 Min Read Threat Intelligence

More Fraudulent Apps Containing Aggressive Adware Found on Google Play

Symantec has found 68 fraudulent apps by five different developers that contain aggressive advertisements.

Adware come in various forms; some stay quietly on the side of the screen, while others aggressively pop up on the main screen, causing a nuisance for users. While the latter may not necessarily be malicious, these can nonetheless inflict a great deal of trouble on the user, especially when the application is as annoying as it is fraudulent.

We recently discovered at least 68 fraudulent apps by five different developers that contain aggressive advertisements on Google Play. We’ve categorized them according to their tricks. These apps promise one thing on the app description page but may not actually provide or perform the functionalities as described. Users who download these fraudulent apps end up only wasting time watching advertisements and not getting what they signed up for.

"Symantec mobile researchers discover 68 fraudulent apps available on Google Play pushing aggressive advertisements https://symc.ly/2MTb5Qz"

Huge discrepancies between app content and its description/title

We found a number of apps on Google Play developed by EpicOmegaApps, which may look legitimate at first blush, since these come complete with an app title, description, and screenshots attached.

Figure 1. EpicOmegaApps's Sim Unlocker app comes complete with a title and description page, making it seem legitimate
Figure 1. EpicOmegaApps's Sim Unlocker app comes complete with a title and description page, making it seem legitimate

All 11 apps by this developer were published in December 2017, with each having an installation count ranging from 50 to 50,000. One app named Sim Unlocker promises to unlock SIM cards so users can use any other SIM network operator. Another app, called Remote Mouse Pro, claims it can convert the user’s phone into a wireless mouse.

After users install the apps, they are subjected to a series of guided screens, with advertisements popping up at every single Next button pressed. However, despite the detailed descriptions for the apps, they provide none of the described functionalities.

All these apps manifest identical behaviors upon launching: after users install the apps, they are subjected to a series of guided screens, with advertisements popping up at every single Next button pressed. However, despite the detailed descriptions for the apps, they provide none of the described functionalities.

Figure 2. Similar screens of Sim Unlocker and Remote Mouse Pro that prompt users to enter their user names. Ads aggressively pop up at each click of the Next button.
Figure 2. Similar screens of Sim Unlocker and Remote Mouse Pro that prompt users to enter their user names. Ads aggressively pop up at each click of the Next button.

A quick glance at the app reviews reveals a long list of complaints regarding these apps’ failure to deliver their promised functionalities, not to mention the aggressive advertising behavior.

Figure 3. User reviews for the Sim Unlocker app on the Play Store indicate users do not get the promised functionality
Figure 3. User reviews for the Sim Unlocker app on the Play Store indicate users do not get the promised functionality

We’ve seen another developer, called Pinwheel, which published at least 40 identical fraudulent apps. Some of these apps were named after popular games and movies, such as Far Cry and 13 Reasons Why, to entice users to install them.

Figure 4. Pinwheel uses misleading names from popular movies and games to entice users
Figure 4. Pinwheel uses misleading names from popular movies and games to entice users

When launched, these apps show users only an image that’s similar to the Play Store app’s image, with very aggressive advertisement pop-ups. Unbeknownst to the user, the image displayed is not an actual splash screen, but rather a static image.

Figure 5. Pinwheel displays a make-believe splash screen, with many advertisements pushed
Figure 5. Pinwheel displays a make-believe splash screen, with many advertisements pushed

These apps were uploaded to Google Play in June 2018. As of this writing, the developer appeared to still be uploading such fake apps, which had a total installation count of at least 13,000.

Table 1. Details of the apps that contain a huge discrepancy between content and descriptions/titles
Table 1. Details of the apps that contain a huge discrepancy between content and descriptions/titles

Minimal functionality that doesn’t match the description/title

While the first category lists apps that provide no functionality at all, this one includes apps that provide at least one—however, the functionality is different from what appears in the description.

We found two identical apps developed by Zaybra, localized in the Arabic and English language. These masquerade as mobile phone number tracker apps, but the only functionality both provide is announcing the phone number of incoming text messages and calls. This behavior is not listed in the Play Store’s description and title. These apps also push aggressive advertisements to users.

The two apps were uploaded to the Play Store between January and May 2018, with total download counts of 11,000.

Figure 6. The app, whose title translates to “Reveal the caller's name and place for free”, provides at least one functionality but it differs from the description
Figure 6. The app, whose title translates to “Reveal the caller's name and place for free”, provides at least one functionality but it differs from the description
Table 2. Details of the apps that have minimal functionalities that do not match with their descriptions/titles
Table 2. Details of the apps that have minimal functionalities that do not match with their descriptions/titles

App content matches the description/title, but no real functionality provided

We also found data recovery apps by Simple Designs Ltd, which were published in May 2018, with a total of 34,000 downloads. These apps have a legitimate-looking user interface, but do not provide the promised functionalities.

These apps deceive users by giving a false impression that they indeed work as described. However, these apps do not actually recover any data. Rather, they just display the data that still exists on the user’s device. Aside from this fraudulent behavior, these apps also push advertisements to users every few seconds.

Figure 7. Simple Designs Ltd’s data recovery app as it appears on Google Play, and the seemingly legitimate user interface of the app
Figure 7. Simple Designs Ltd’s data recovery app as it appears on Google Play, and the seemingly legitimate user interface of the app

We’ve found other developers, such as AppTchi and Zaybra, which trick users into thinking that their apps worked as described, while displaying advertisements aggressively.

Two apps by these developers, which were uploaded around March and April 2018 and have a total installation count of 11,000, claimed to recover deleted data. To give users the impression that they functioned properly, the apps, which are localized in the Arabic language, used a fake progress bar and a fake notification which were purely aesthetic.

Figure 8. Zaybra’s image recovery app, whose translated title is “Accurately retrieve deleted pictures and videos in high quality”, used fake progress and notification bars
Figure 8. Zaybra’s image recovery app, whose translated title is “Accurately retrieve deleted pictures and videos in high quality”, used fake progress and notification bars
Table 3. Details of the apps whose content fits the description/title on Google Play, but do not provide any real functionality
Table 3. Details of the apps whose content fits the description/title on Google Play, but do not provide any real functionality

We reported all the apps discussed in this blog to Google in July 2018. Some of the apps have been removed, while the rest are still available on the Play Store.

Protection

Symantec and Norton products detect these apps as:

Mitigation

Stay protected from mobile risks and malware by taking these precautions:

  • Keep your software up to date
  • Do not download apps from unfamiliar sites
  • Only install apps from trusted sources
  • Pay close attention to the permissions requested by apps
  • Install a suitable mobile security app, such as Norton or Symantec Endpoint Protection Mobile, to protect your device and data
  • Make frequent backups of important data

File Attachments

About the Author

May Ying Tee

Associate Software Engineer

May Ying is a member of Symantec’s Security Technology and Response team where she is focused on researching and developing mobile security technologies.

About the Author

Martin Zhang

Princ Software Engineer

Martin is a member of Symantec’s Security Technology and Response team who are focused on providing round-the-clock protection against current and future cyber threats.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.