“Delete this app because it contains malware”: how do malicious apps get around Play Store and App Store filters?

Applications are a fundamental part of cell phones today, and stores are full of them. But each month there are lists of apps that contain malware, spy on and collect mobile activity, or charge subscriptions that users were unaware of. How are they circumventing the filters that Google or Apple have?

There are more app stores than the Play Store or App Store, since practically every technology company has its own. However, these two are the most used worldwide, since Apple and Google place them by default in their operating systems, iOS and Android, respectively.

While both companies are trustworthy and users tend to be more careful when downloading apps from unknown stores or websites, there is a chance that an app deemed “trustworthy” could end up infecting our devices. That is to say, the App Store and Play Store can be fallible.

Can a malicious application really pass through the filters of the Play Store or App Store?

According to Mario Micucci, security researcher at ESET Latin America, these types of apps can circumvent store filters. “An app that steals personal data or contains malware may pass store filters, such as the App Store or Play Store. Although these have policies and review processes to try to prevent the release of malicious applications, they are not foolproof”, he says in conversation with El Comercio.

Those who develop these types of threats usually look for some way to camouflage them. “Malware and malicious app creators may use techniques to hide their true nature, such as bundling malicious code into legitimate apps, and may also use automated tools to avoid detection”, he adds.

For his part, Fabio Assolini, director of Kaspersky’s research and analysis team for Latin America, says that fighting this type of malicious app is constant work. “In Google Play [Store], where this is most common, moderators try to identify apps of this type, but new ones often appear before they can remove the ones they already located”, he points out in an interview with this newspaper.

The creators of malicious apps look for a way to camouflage them so that they pass the store filters. (Pixabay/)

Some of the strategies used by the developers of these malicious apps involve monitoring the time of use. “One tactic is that Google performs automated analytics. To circumvent these, criminals plan or schedule the malicious application so that when it runs it does nothing malicious in the first 15 to 30 minutes. In this way, the malicious behavior is only activated after the application is installed. Google’s automated analysis will not find anything because it takes a few minutes”, adds the expert.

Added to this is the release of preview versions of apps for users to try out. “Another trick used by cybercriminals to circumvent Google’s security controls is to publish applications in beta testing mode. In this test mode, Google does not check the security of the applications, since the review is only done in the final version”, indicates Assolini.

However, one of the strategies with the greatest impact is the one that takes advantage of a bug in a trusted app. “Malware writers can use known vulnerabilities in a device or operating system to insert malicious code into a legitimate application”, asserts Micucci.

Updates are the perfect allies for a malicious application

An update to an app whose developers we know little about could mean that at some point our cell phones are exposed to a threat. “Once a legitimate app has been downloaded, malware writers can use updates to insert malicious code into the app”, notes Micucci.

Many of the indications that an application is carrying out strange activities only surface when the users themselves notice it. “There are times when users report unusual behavior in the operation of an app or their device, which also prompts researchers to review such apps further”, says Assolini.

According to Statista, by October 2022, there were 3,553,050 apps available on the Play Store. In the App Store, for its part, there were 1,642,759 applications as of the same date. With these numbers, it is impossible to maintain continuous monitoring of each product. That means reviewing not only the candidates to be offered in stores, but also their updates.

Some malicious app developers even take advantage of people’s interest in a specific topic. Recently, it was reported that there were several fake applications under the name of ChatGPT, despite the fact that OpenAI has not developed any mobile version of this chatbot. Some had more than 100 thousand downloads.

These apps were promoted in both stores and even asked for a payment of up to US$49.99 to “access all features”. After learning about the deception, most creators chose to change the name of the application or remove it from the stores. “Cybercriminals are always aware of the latest trends or topics of interest to use them as a hook and thus deceive the largest number of users”, adds Assolini.

Therefore, when a malicious app is detected, it is removed immediately. “App stores, such as the App Store or Play Store, continually work to improve their malware detection and review processes, and also take steps to remove malicious apps once they are detected”, adds Micucci.

App stores, such as the App Store or Play Store, can’t always keep up with monitoring updates. (Pixabay/)

What should I do if I downloaded an app and it was later reported as malicious?

If an app has already been downloaded and it turns out to be malicious, the user must act immediately. “It is important to remove the application from the device to prevent it from continuing to steal data or cause damage”, says Micucci.

While this would seem to be enough, there are a few additional steps. “We must review the privacy settings of the device and make sure that the malicious application has not obtained unauthorized access to personal or sensitive information”, he adds.

This is important, as many of these apps seek to collect user passwords. “If the malicious application has had access to passwords, it is important to change them immediately to prevent them from being used to access accounts and services”, says the expert.

Finally, the user must report what happened. “We have to notify the proper authorities, such as the app store provider, about the malicious application so they can take steps to remove it and prevent other users from downloading it”, says Micucci.

Assolini, for his part, recommends using an antivirus or extra protection to improve the security of our cell phones. “By having a security solution, a scan will be carried out to establish the status of the device and, in case there is any malicious element, it will take actions to prevent the infection from continuing”, he says.

Although stores like the App Store or Play Store are reliable, it is clear that they are not 100% infallible. Therefore, users should be cautious and inform themselves before downloading any app. That means taking into account who the developer is and what permissions the app asks for, and reading the terms and conditions and the user reviews, which may include descriptions of suspicious activity. In addition, it is always important to keep trusted apps updated to prevent a threat from taking advantage of a vulnerability.

Source: Elcomercio
