
Fifty apps in Google Play Store, downloaded 4.2 million times, secretly charging users

Basically, some apps passed Google's detection for malware, and these apps, which were downloaded millions of times, used their permissions to access SMS to charge the user. If Play Protect is disabled by the user on infected phones, or the phone runs an older version of Android that doesn't support the feature, users will need to uninstall manually. If Play Protect is active, then Google will automatically remove any apps detected to have malware.

 


"The apps then used the phone numbers to sign up unwitting users to premium services and to send fraudulent premium text messages, a move that caused users to be billed. Check Point researchers didn't know how much revenue was generated by the apps."

 -Ars Technica article

 

https://arstechnica.com/information-technology/2017/09/malicious-apps-with-1-million-downloads-slip-past-google-defenses-twice/

 

https://community.spiceworks.com/topic/2050412-snap-equifax-woes-continue-google-announces-pixel-event


Google should have stricter guidelines on how apps are submitted to the Play Store and/or improve their malware detection -_-


1 minute ago, jagdtigger said:

Or just take away all permissions from apps and let the user decide what an app can access. LineageOS FTW...

Android 7.1 and 8.0 also do this


1 minute ago, jagdtigger said:

Or just take away all permissions from apps and let the user decide what an app can access. LineageOS FTW...

LineageOS is definitely my preferred OS for permission controls when it comes to Android. My HTC One is on AICP, which is based on LineageOS. I'm glad stock Android has been getting granular permissions control too. It's one of the advantages iOS had over Android for a while that is now more even.


4 minutes ago, nerdslayer1 said:

Android 7.1 and 8.0 also do this

Yeah, but only a few phones will get it; most of the phones are stuck with the version they got at release, so for many people the only option is to use a "cooked ROM"... 9_9 And CM had this function way before it was implemented into stock Android.


I believe any apps that go on the Google Play Store or the Apple store should have their source code checked. Uploaded to a secure site and then the app can be on the Stores.


35 minutes ago, nerdslayer1 said:

Android 7.1 and 8.0 also do this

6.0 too, that was released almost 2 years ago

I believe any apps that go on the Google Play Store or the Apple store should have their source code checked. Uploaded to a secure site and then the app can be on the Stores.

That's exactly what happens now. But of course those algorithms aren't perfect.


19 minutes ago, Abdul201588 said:

I believe any apps that go on the Google Play Store or the Apple store should have their source code checked. Uploaded to a secure site and then the app can be on the Stores.

That would severely degrade the ecosystem because 1. you have to pay someone to code review it, 2. it may take a long time for an app to go through the process, and 3. they may still slip up and let something pass.

 

You can either have it open, cheap, and fluid, or closed, expensive, and rigid as all hell.


Of course it's stupid cameras, wallpapers and filters apps. 

 

Who would have thought it would have been anything different. 


5 minutes ago, M.Yurizaki said:

That would severely degrade the ecosystem because 1. you have to pay someone to code review it, 2. it may take a long time for an app to go through the process, and 3. they may still slip up and let something pass.

 

You can either have it open, cheap, and fluid, or closed, expensive, and rigid as all hell.

So Android vs iOS. 


2 minutes ago, Meechgalhuquot said:

So Android vs iOS. 

I doubt Apple code reviews things though. They probably review it on a higher level so that you can't make an app that costs $999 just to say "lol i can wipe my ass with $100 bills" whereas I'd imagine on Android someone has to report the app first before someone takes action.

 

But I don't know. I don't publish for either ecosystem.


Apple doesn't review code all that much either, plenty of malicious apps made it into their app store.

 

Stuff like this is why I only use F-Droid anymore.  


Does this mean the apps had permission to access SMS, yet that wasn't made clear during install?

 

I have never understood why any game or most apps need permission to access accounts, SMS, phone history etc. Let alone why people install them.

 

 


1 hour ago, jagdtigger said:

Yeah, but only a few phones will get it; most of the phones are stuck with the version they got at release, so for many people the only option is to use a "cooked ROM"... 9_9 And CM had this function way before it was implemented into stock Android.

My tablet has Android 7.1.2, and it's from late 2011/early 2012.


1 hour ago, M.Yurizaki said:

I doubt Apple code reviews things though. They probably review it on a higher level so that you can't make an app that costs $999 just to say "lol i can wipe my ass with $100 bills" whereas I'd imagine on Android someone has to report the app first before someone takes action.

 

But I don't know. I don't publish for either ecosystem.

http://gizmodo.com/5034122/guy-buys-999-im-rich-app-discovers-hes-just-dumb

http://latimesblogs.latimes.com/technology/2008/08/iphone-i-am-ric.html

https://web.archive.org/web/20110525112738/http://asia.cnet.com/crave/wealth-flaunting-app-arrives-on-android-phones-62106338.htm

http://www.webcitation.org/5vBAXX1x7?url=http://www.mobilecrunch.com/2010/12/22/i-am-rich-windows-phone/

 

Although the iOS release was 9 years ago, things should be better now. 


11 hours ago, Dabombinable said:

My tablet has Android 7.1.2, and it's from late 2011/early 2012.

Then you have one of the exceptions... :D The last official ROM that my phone (Galaxy S5) got was 6.0.


8 minutes ago, jagdtigger said:

Then you have one of the exceptions... :D The last official ROM that my phone (Galaxy S5) got was 6.0.

Oh, it's not official; Android stopped at 4.1.2 for it, meaning that without a custom ROM I couldn't even use MS Word on it (though it runs perfectly under 7.1.2 with zram enabled).


13 hours ago, nerdslayer1 said:

Android 7.1 and 8.0 also do this

6 too, or at least it gives you the option to block permissions.
