(Credit: RiskIQ)

Cybersecurity firm Stealthcare announced today the discovery of some nasty malware hidden inside an Android app on the Google Play Store. According to Stealthware and other security firms reporting on the issue, Advanced Battery Saver actually can help with battery life, but it can also steal your data and generate fake clicks for in-app advertisements.

SEE: Dashlane's new Inbox Security Scan can check your emails for malware

According to security firm RiskIQ, the app gets onto your device through pop-up ads on the Internet that link to the download page on the Google Play store. The ad is disguised to look like a warning produced by your Android device, right down to correctly identifying the model and manufacturer. This specially crafted ad page also produces another fake warning if you try to navigate elsewhere.

As we've noted before, it's a big red flag when an app asks for permissions that it shouldn't need, and Advanced Battery Saver is an excellent example. Among other things, it wants full network access, the ability to receive data and text messages, and to read sensitive log data. An app that optimizes battery life shouldn't need any of those permissions.

Another element is the fake ad clicker. In an app supported by ads, the developer can arrange to get money based on how many times the ad is clicked or tapped. As you might imagine, this has created a cottage industry of what's called click fraud, where advertisers end up making huge payouts based on all those fake clicks.

According to RiskIQ, Advanced Battery Saver contains this ad clicker, and installing the app lets this clicker secretly report your phone number, IMEI (basically like a car's VIN code but for mobile devices), and even your current location.

So what app do you use to improve battery life?

There are a lot of battery optimizing apps on the Google Play Store, because the Android platform has been open to devices with small or low-quality batteries from the very beginning. But if you stick with recognizable app developers, you should be fairly safe. One example is McAfee's Mobile Booster & Cleaner.

FOLLOW Download.com on Twitter to keep up with the latest app news.

McAfee's memory cleaner component is not that useful because Android is actually pretty good about managing memory usage on its own, but the battery saver part is legit for identifying apps that use a lot of battery power, and it can give you an estimate of how much time you have left before you need to recharge. Greenify is another good choice, and it gives you more options than McAfee, but it's a little complicated to set up.

The takeaways

  1. When you install an app from the Google Play Store, be wary of it asking for excessive permissions. For example, most utility apps shouldn't be asking for network access or texting privileges.
  2. Also be wary of warning messages on your device that encourage you to download a specific app.

Also see

Tom is the senior editor covering Windows at Download.com.