Skip to main content
  1. Home
  2. Mobile
  3. News

500,000 people downloaded QR code apps with embedded malware from Google Play

By

Android malware seems to be everywhere. Every few weeks, we hear of a new set of apps on the Google Play Store that have some kind of malware embedded in them, and this time around it seems like a series of QR code readers may be targeting unknowing users.

The news comes in a report from SophosLabs, and it notes that as many as seven QR code readers on the Google Play Store may have been infected with malware. In addition to the QR code apps, one smart compass may have also been infected.

Recommended Videos

The malware itself is called Andr/HiddnAd-AJ, and as the name suggests, it basically plays ads on your phone — after lying low for a while to “lull you into a false sense of security.” The malware waits six hours before it springs into action and starts serving up full-screen ads and opening ads on webpages. The malware also sends users notifications with links to ads.

Related

According to Sophos, the malicious apps were downloaded as many as 500,000 times before Google removed them from the Google Play Store, and they were able to make it through Google’s scanning by essentially hiding the hostile code in what looked to be regular Android app code. At least on the surface, the apps did what they advertised they could do. The QR code readers could still read QR codes, and if you downloaded the apps for one use, only to delete them afterwards, you likely never would have run into the ads that the apps serve up. That, plus the fact that the malicious code didn’t kick into gear until 6 hours after installation, helped the apps avoid detection.

Of course, it’s likely the incident will help Google refine its malware scanning process — so it’s entirely possible that we won’t see apps similar to this again. It’s also still recommended that you continue using Google Play, if possible. While incidents like this do happen every now and again, the fact is that downloading apps from Google is far safer than downloading them from third-party marketplaces.

“Many off-market Android app repositories have no checks at all – they’re open to anyone, which can be handy if you’re looking for unusual or highly specialized apps that wouldn’t make it onto Google Play (or trying to publish unconventional content),” said Sophos in its blog post.

Editors’ Recommendations

Topics
Christian de Looper
Christian de Looper
Contributor
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…
Google Play Store helps find the apps invading your privacy
Instagram app on the Google Play Store on an Android smartphone.

Google has implemented a feature that requires app makers to disclose what data their apps are taking from users. Starting today, Android users will be able to see specific information about their apps' data collection through the Google Play Store. The data is accessible in the Play Store via the "Data Safety" tab listed in the information section for all apps.

With Google's announcement that the feature's rollout is live, the company notes that not all apps will be showing what privacy data they collect immediately. App makers have until July 20, 2022, to provide the Play Store with privacy information, making the feature something of a gradual rollout. It's likely that apps that take more types of data (like social media apps) will take longer to post the required info due to the sheer number of data points they collect when compared to something simpler such as an offline game.

Read more
Google just banned call-recording apps from the Play Store
google-pixel-3a-xl-phone-call

Google will soon ban third-party call-recording apps from the Play Store. First highlighted by a developer of an affected app, Google made the announcement in a Google Play policy update that becomes effective on May 11. Once in force, developers who want to submit apps to the Play Store will no longer be able to use the Android Accessibility API to record calls, killing the utility of call-recording apps on Android.

Google hasn't allowed third-party call recording on Android officially for years now. It's no surprise as call recording is a legal minefield, with different countries and even states having their own rules. If you're using a first-party phone app, you'll notice that this feature appears or disappears depending on where your phone thinks you are, and third-party recording apps hacking onto the company Accessibility API were one way to get around this.

Read more
Google ditches Play Movies app in favor of Google TV
aftermaster pro fixes tv movie audio issues man on couch watches a mobile phone

The Google TV app is taking over for Play Movies & TV across all Android devices. When Google TV was introduced in late 2020, its mission to replace Play Movies & TV seemed like a good idea as the preinstalled app wasn't doing a lot to take users' attention away from other streaming apps. Google TV's addition to the Android ecosystem has been pretty gradual up to this point, but now it's set to be an essential part of the Android experience.

Play Movies & TV will be officially retired as the face of Android's streaming content store in favor of Google TV starting in May. At that point, buying content on Play Movies & TV will no longer be supported in the Play Store, Google announced earlier this week. Google TV will take Play Movies & TV's place as the preinstalled streaming app included by default on every Android device at that point.

Read more