Researchers Say Kids' Android Apps Are Still Riddled With Malware
from the all-fun-and-games-until-somebody-gets-hurt dept
While numerous vendors and tech giants have cooked up lower-cost Android phones with marketing focused on helping the poor, a recent study by advocacy group Privacy International found that the privacy trade offs of these devices are... potent. Not only do they usually come with outdated OS' opening the door to hackers, the phones have locked down user control to such a degree they're unable to remove apps that may also pose security risks. In this way, the researchers argued, we've made privacy a luxury option that's only available to those who can actually afford it.
But the poor aren't the only ones harmed by our continually lax treatment of consumer privacy and security. In a new blog post, researchers from Checkpoint Software say that a huge number of kids-oriented Android apps are also privacy and security nightmares. The researchers recently identified a new malware family found in 56 applications that were collectively downloaded some 1 million times globally. Motivated by advertising fraud, the "Tekya" malware imitates the user’s actions in order to click ads and banners from agencies like Google’s AdMob, AppLovin’, Facebook, and Unity, Checkpoint found.
Most-malware infected apps compromise the end users' data, credentials, emails, text messages, and geographical location. Twenty four of those apps were aimed at children, the researchers noted:
"During this research, the Tekya malware family went undetected by VirusTotal and Google Play Protect. Ultimately, it was available for download in 56 applications downloadable on Google Play.
This campaign cloned legitimate popular applications to gain an audience, mostly with children, as most application covers for the Tekya malware are children’s games. The good news is, these infected applications have all been removed from Google Play."
While these apps have been removed and Google has ramped up its security practices in recent years, it's not a problem that's generally going away anytime soon:
"This highlights once again that the Google Play Store can still host malicious apps. There are nearly 3 million apps available from the store, with hundreds of new apps being uploaded daily – making it difficult to check that every single app is safe. Thus, users cannot rely on Google Play’s security measures alone to ensure their devices are protected."
In short, anybody trusting the integrity and safety of the Google Play store is making a significant error. And folks who aren't taking an active role in protecting their kids' privacy and security are being negligent. The Checkpoint blog has a good list of the latest apps you should be aware of.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
So the play store = the internet
Looks like the store is LOADED with trojan horses. Just like advertising on websites, policing to make sure they're compliant to TOS and laws is impossible.
[ link to this | view in chronology ]