One of the purported advantages of getting your Android and iOS apps from a centralized store is that you get higher security, because everything gets checked by Google's and Apple's sophisticated malware scanning mechanisms. But these mechanisms must be automated if they are to work when thousands of apps are getting updated or submitted every day, and that automation sometimes lets some bad actors through the filters.
Today, Trend Micro reports that it identified 85 Google Play Store apps (since removed) that pushed sketchy ads, spied on users and attempted to hide their presence. The company's security researchers found similar programming code in many of these apps, which could point to a coordinated effort. The author of the report, engineer Ecular Xu, estimates that these apps were downloaded 9 million times, with one making up more than half of that total.
The most popular app was Easy Universal TV Remote, with over 5 million downloads and well over 100,000 user ratings.
But despite the app's seemingly solid 4-star rating (out of 5), Trend Micro points to a pattern of complaints in the user reviews that it verified through direct testing in a secure environment: The remote app initially opens, displays an ad or asks for a 5-star rating (the latter of which is a violation of Play Store policy), then disappears from view but appears to continue operating in the background.
In some cases, tapping any on-screen button would produce a full-screen ad instead of the action indicated by the button's label. The screen displaying the buttons would already be displaying a small banner ad on the bottom of the screen.
Another common theme is that these apps, after hiding themselves from the user, would produce another full-screen ad every 15 or 30 minutes, or an ad every time the screen was unlocked.
Xu says, "We tested each of the fake apps related to the adware family and discovered that though they come from different makers and have different APK cert public keys, they exhibit similar behaviors and share the same code."
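The behavior Trend Micro describes (an app that hides its own icon, then comes to the foreground on a fixed 15- or 30-minute schedule or within seconds of every screen unlock) is exactly the kind of pattern a behavior-monitoring tool can look for. The following is an added example, not code from the Trend Micro report or from any app it names. It runs a few simple heuristics over a constructed, hypothetical device event log; the package names are invented, and collecting such events from a real phone (for instance via UsageStatsManager or adb logcat) is assumed to be handled elsewhere.

```python
"""Behavioural heuristics for the hidden-icon / timed-ad pattern.

Input is a constructed event log (not real device output): one event per line,
"<seconds> <event> <package>", where event is SCREEN_UNLOCK (package "-"),
ACTIVITY_START (an app came to the foreground) or ICON_HIDDEN (the app removed
its own launcher icon). All package names below are hypothetical.
"""
from collections import defaultdict

# Constructed sample: tvremote fires every 15 minutes and hides its icon,
# flashlight pops up after every unlock, notes is an ordinary user-driven app.
SAMPLE_LOG = """\
# seconds  event           package
0          SCREEN_UNLOCK   -
2          ACTIVITY_START  com.example.notes
5          ICON_HIDDEN     com.example.tvremote
900        ACTIVITY_START  com.example.tvremote
1800       ACTIVITY_START  com.example.tvremote
2700       ACTIVITY_START  com.example.tvremote
3600       ACTIVITY_START  com.example.tvremote
2000       SCREEN_UNLOCK   -
2003       ACTIVITY_START  com.example.flashlight
2010       ACTIVITY_START  com.example.notes
4000       SCREEN_UNLOCK   -
4004       ACTIVITY_START  com.example.flashlight
6000       SCREEN_UNLOCK   -
6002       ACTIVITY_START  com.example.flashlight
7000       ACTIVITY_START  com.example.notes
"""


def parse_events(text):
    """Parse the log format above into (seconds, event, package) tuples, sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, kind, pkg = line.split()
        events.append((int(ts), kind, pkg))
    events.sort(key=lambda e: e[0])
    return events


def unlock_triggered(events, window=10, min_hits=3):
    """Packages that come to the foreground within `window` seconds of at least `min_hits` unlocks."""
    unlocks = [ts for ts, kind, _ in events if kind == "SCREEN_UNLOCK"]
    hits = defaultdict(int)
    for ts, kind, pkg in events:
        if kind == "ACTIVITY_START" and any(0 <= ts - u <= window for u in unlocks):
            hits[pkg] += 1
    return {pkg: n for pkg, n in hits.items() if n >= min_hits}


def periodic_starts(events, min_intervals=3, tolerance=0.1):
    """Packages whose foreground starts are evenly spaced; returns the period in seconds."""
    starts = defaultdict(list)
    for ts, kind, pkg in events:
        if kind == "ACTIVITY_START":
            starts[pkg].append(ts)
    result = {}
    for pkg, times in starts.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) < min_intervals:
            continue
        median = sorted(gaps)[len(gaps) // 2]
        # Every gap must sit within `tolerance` of the median gap to count as a schedule.
        if median > 0 and all(abs(g - median) <= tolerance * median for g in gaps):
            result[pkg] = median
    return result


def hidden_icon(events):
    """Packages that removed their own launcher icon."""
    return {pkg for _, kind, pkg in events if kind == "ICON_HIDDEN"}


def suspicious_packages(events):
    """Combine the heuristics into a package -> list-of-reasons report."""
    reasons = defaultdict(list)
    for pkg, n in unlock_triggered(events).items():
        reasons[pkg].append(f"foreground within seconds of {n} screen unlocks")
    for pkg, period in periodic_starts(events).items():
        reasons[pkg].append(f"comes to foreground every {period // 60} minutes")
    for pkg in hidden_icon(events):
        reasons[pkg].append("removed its own launcher icon")
    return dict(reasons)


if __name__ == "__main__":
    for pkg, why in suspicious_packages(parse_events(SAMPLE_LOG)).items():
        print(pkg, "->", "; ".join(why))
```

On the sample log this flags the hypothetical remote app (15-minute schedule plus hidden icon) and the flashlight app (three unlock-triggered starts) while leaving the notes app alone, because its two starts near an unlock fall below the threshold and its gaps are irregular. The thresholds are deliberately conservative; a real monitor would tune them against genuine usage data, since a legitimate lock-screen widget or alarm app can also appear shortly after an unlock.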
How do you protect yourself from malicious or fake apps on the Google Play Store?
It's becoming increasingly difficult to use an app store's built-in security filters to separate the good apps from the bad ones. In some cases, it may be better to do a Google search for the app maker's website, which customarily features the correct links to the app stores. All things being equal, you can also trust our links to the vast Download app catalog.
More broadly, be careful when an app promises more than it should be capable of, like something that claims to give you free access to Netflix, or unlimited free Google Drive storage. Some apps -- like the Universal Remote one spotted by Trend Micro -- also exploit gaps in technical knowledge, which is more difficult to address.
For a universal remote of any kind to work, it needs an infrared "blaster" component. This emits a series of light patterns invisible to the human eye, but TVs and home theater receivers have an infrared sensor that can turn that pattern into a command like "change the channel" or "mute the volume."
IR blasters are rare in mobile phones. And when a phone does have one, it's customarily controlled by an app that the phone's manufacturer installs at the factory, before the phone is even put in a shipping container. Certain third-party remote apps may perform better, but there are clearly some risks to testing out the alternatives.
Security vendors such as Trend Micro also offer security apps for your Android phone that carry their own "blacklist" of bad apps, which are blocked if they're ever detected on your device. These apps can also use their own app-behavior monitoring techniques to spot malicious patterns and stop them from continuing.
Most of these mobile security apps require a subscription fee to keep using them after a free trial, but they tend to be much less expensive than what you would pay for a Windows antivirus app.
- Japanese tech security firm Trend Micro spotted 85 apps on the Google Play Store which appear to exist primarily to push ads at the user, rather than performing their advertised actions. (All 85 have been removed.)
- One app, claiming to be a universal remote, had been downloaded over 5 million times and had well over 100,000 user ratings, so this was not a fringe occurrence.