Application security
In February 2012, Google introduced a new automated antivirus system, called Google Bouncer, to scan both new and existing apps for malware (e.g. spyware or trojan horses). In 2017, the Bouncer feature and other safety measures within the Android platform were rebranded under the umbrella name Google Play Protect, a system that regularly scans apps for threats.
Android apps can ask for or require certain permissions on the device, including access to body sensors, calendar, camera, contacts, location, microphone, phone, SMS, storage, Wi-Fi, and access to Google accounts.
In July 2017, Google described a new security effort called "peer grouping", in which apps performing similar functionalities, such as calculator apps, are grouped together and attributes compared. If one app stands out, such as requesting more device permissions than others in the same group, Google's systems automatically flag the app and security engineers take a closer inspection. Peer grouping is based on app descriptions, metadata, and statistics such as download count.
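The peer-grouping idea above (group apps by function, compare the permissions each one declares, and flag the app that asks for far more than its peers) can be illustrated with a small outlier check. The following is an added example written for this page, not Google's own system or code: the app catalog, the group labels, the threshold values and the function names are all constructed assumptions, and the permission strings are standard Android permission names used only as sample data.

```python
"""Peer-group permission outlier check (constructed illustration, not Google's implementation)."""
from collections import Counter

# Constructed sample catalog. In a real system the "group" label would come from
# app descriptions, metadata and statistics, as the text describes; here it is
# simply assigned by hand. Permission names are real Android permission strings.
SAMPLE_APPS = [
    {"name": "calc_a", "group": "calculator",
     "permissions": {"android.permission.INTERNET"}},
    {"name": "calc_b", "group": "calculator",
     "permissions": set()},
    {"name": "calc_c", "group": "calculator",
     "permissions": {"android.permission.INTERNET"}},
    # calc_d is the constructed outlier: a calculator that wants contacts, SMS and GPS.
    {"name": "calc_d", "group": "calculator",
     "permissions": {"android.permission.INTERNET",
                     "android.permission.READ_CONTACTS",
                     "android.permission.READ_SMS",
                     "android.permission.ACCESS_FINE_LOCATION"}},
    {"name": "nav_a", "group": "navigation",
     "permissions": {"android.permission.INTERNET",
                     "android.permission.ACCESS_FINE_LOCATION"}},
    {"name": "nav_b", "group": "navigation",
     "permissions": {"android.permission.INTERNET",
                     "android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.ACCESS_COARSE_LOCATION"}},
    {"name": "nav_c", "group": "navigation",
     "permissions": {"android.permission.ACCESS_FINE_LOCATION"}},
]


def permission_prevalence(apps, group):
    """Return ({permission: fraction of apps in `group` declaring it}, group size).

    The app under review is counted among its own peers, so in a very small group
    a single outlier raises the prevalence of its own unusual permissions; the
    min_group_size check in flag_outliers exists for that reason.
    """
    members = [a for a in apps if a["group"] == group]
    counts = Counter(p for a in members for p in a["permissions"])
    return {p: c / len(members) for p, c in counts.items()}, len(members)


def flag_outliers(apps, rare_threshold=0.3, min_rare=2, min_group_size=3):
    """Flag apps that declare at least `min_rare` permissions which fewer than
    `rare_threshold` of their peer group declare.

    Returns {app_name: sorted list of the rare permissions}. Groups with fewer
    than `min_group_size` members are skipped because prevalence figures from
    one or two apps are not meaningful. A flag is a signal for human review,
    matching the text's "security engineers take a closer inspection".
    """
    flagged = {}
    for group in sorted({a["group"] for a in apps}):
        prevalence, size = permission_prevalence(apps, group)
        if size < min_group_size:
            continue
        for app in apps:
            if app["group"] != group:
                continue
            rare = sorted(p for p in app["permissions"]
                          if prevalence.get(p, 0.0) < rare_threshold)
            if len(rare) >= min_rare:
                flagged[app["name"]] = rare
    return flagged


if __name__ == "__main__":
    for name, rare in flag_outliers(SAMPLE_APPS).items():
        print(f"{name}: unusual for its peer group -> {', '.join(rare)}")
```

With the constructed catalog only `calc_d` is flagged: three of its four permissions appear in just 25% of calculator apps. `nav_b`'s coarse-location permission is declared by a third of the navigation group, so it stays below the flagging bar. The thresholds are deliberately parameters; a real deployment would tune them per category and treat the output as a queue for manual review, not as an automatic verdict.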
Security issues
In early March 2011, DroidDream, a trojan rootkit exploit, was released to the then-named Android Market in the form of several free applications that were, in many cases, pirated versions of existing priced apps. This exploit allowed hackers to steal information such as IMEI and IMSI numbers, phone model, user ID, and service provider. The exploit also installed a backdoor that allowed the hackers to download more code to the infected device. The exploit only affected devices running Android versions earlier than 2.3 "Gingerbread". Google removed the apps from the Market immediately after being alerted, but the apps had already been downloaded more than 50,000 times, according to Android Police's estimate. Android Police wrote that the only method of removing the exploit from an infected device was to reset it to a factory state, although community-developed solutions for blocking some aspects of the exploit were created. A few days later, Google confirmed that 58 malicious apps had been uploaded to Android Market, and had been downloaded to 260,000 devices before being removed from the store. Google emailed affected users with information that "As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device)" as opposed to personal data and account information. It also announced the then-new "remote kill" functionality, alongside a security update, that lets Google remotely remove malicious apps from users' devices. However, days later, a malicious version of the security update was found on the Internet, though it did not contain the specific DroidDream malware. New apps featuring the malware, renamed DroidDream Light, surfaced the following June, and were also removed from the store.
At the Black Hat security conference in 2012, security firm Trustwave demonstrated their ability to upload an app that would circumvent the Bouncer blocker system. The application used a JavaScript exploit to steal contacts, SMS messages, and photos, and was also capable of making the phone open arbitrary web pages or launch denial-of-service attacks. Nicholas Percoco, senior vice president of Trustwave's SpiderLabs advanced security team, stated that "We wanted to test the bounds of what it's capable of". The app stayed on Google Play for more than two weeks, being repeatedly scanned by the Bouncer system without detection, with Percoco further saying that "As an attack, all a malware attacker has to do to get into Google Play is to bypass Bouncer". Trustwave reached out to Google to share their findings, but noted that more manual testing of apps might be necessary to detect apps using malware-masking techniques.
According to a 2014 research study released by RiskIQ, a security services company, malicious apps introduced through Google Play increased 388% between 2011 and 2013, while the number of apps removed by Google dropped from 60% in 2011 to 23% in 2013. The study further revealed that "Apps for personalizing Android phones led all categories as most likely to be malicious". According to PC World, "Google said it would need more information about RiskIQ's analysis to comment on the findings."
In October 2016, Engadget reported about a blog post named "Password Storage in Sensitive Apps" from freelance Android hacker Jon Sawyer, who decided to test the top privacy apps on Google Play. Testing two applications, one named "Hide Pictures Keep Safe Vault" and the other named "Private Photo Vault", Sawyer found significant errors in password handling in both, and commented, "These companies are selling products that claim to securely store your most intimate pieces of data, yet are at most snake oil. You would have near equal protection just by changing the file extension and renaming the photos."
In April 2017, security firm Check Point announced that a malware named "FalseGuide" had been hidden inside approximately 40 "game guide" apps in Google Play. The malware is capable of gaining administrator access to infected devices, where it then receives additional modules that let it show popup ads. The malware, a type of botnet, is also capable of launching DDoS attacks. After being alerted to the malware, Google removed all instances of it in the store, but by that time, approximately two million Android users had already downloaded the apps, the oldest of which had been around since November 2016.
In June 2017, researchers from the Sophos security company announced their finding of 47 apps using a third-party development library that shows intrusive advertisements on users' phones. Even after such apps are force-closed by the user, advertisements remain. Google removed some of the apps after receiving reports from Sophos, but some apps remained. When asked for comment, Google didn't respond. In August 2017, 500 apps were removed from Google Play after security firm Lookout discovered that the apps contained an SDK that allowed for malicious advertising. The apps had been collectively downloaded over 100 million times, and consisted of a wide variety of use cases, including health, weather, photo-editing, Internet radio and emoji.
In all of 2017, over 700,000 apps were banned from Google Play due to abusive content; this is a 70% increase over the number of apps banned in 2016.
In March 2020, Check Point discovered 56 apps containing a malware program that had infected a total of 1 million devices. The program, called Tekya, was designed to evade detection by Google Play Protect and VirusTotal and then fraudulently click on ads. Around the same time, Dr. Web discovered at least six apps with 700,000 total downloads containing at least 18 modifications of a program called Android.Circle.1. In addition to performing click fraud, Android.Circle.1 can also operate as adware and perform phishing attacks.