MOBILE SECURITY firm Lookout has revealed that over 500 popular apps have been removed from the Google Play Store after a backdoor was found that would allow a developer to add in spyware at any time. Nothing new there, of course.
A large number of apps using the Igexin software development kit (SDK) have been found to carry the flaw, totaling over 100 million downloads.
A blog post from two of the company's researchers explains: "It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server."
"Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality - nor are they in control or even aware of the malicious payload that may subsequently execute. Instead, the invasive activity initiates from an Igexin-controlled server."
The apps affected are not niche. Igexin-enabled apps include games targeted at teens (one of which was in the 50-100 million downloads band), weather apps (one of which has 1-5 million), internet radio (500,000-1 million), photo editors (1-5 million) as well as other categories including educational, health and fitness, travel, emoji and home video camera apps.
The research came about after the app was seen downloading some large, encrypted files following a series of initial requests to a REST API. This is a common technique for such viral "afterware".
Lookout, which has warned many times of Android malware dangers, emphasises that many developers probably weren't even aware of what evil lurks under the bonnet of their apps, and unwittingly gave Igexin permission to do the do when ready. It also points out that not all versions of Igexin are evil and ergo Igexin isn't, in and of itself, in the wrong.
Although Lookout has declined to name the apps in question, it points out that users of its security apps are protected from the issue. Because of course they are. We'd assume this applies to most anti-malware suites for Android. Others are available.
Apps affected have been removed and in most cases replaced with safe versions.
For its part, Google recently launched Google Play Protect, an in-built suite of security features to root out dodgy apps at the cloud level, before they even touch your phone. µ