It has also been mentioned that at the time of discovery, 21 of these apps were still there on Google Play Store. Some other apps can be downloaded and installed via third-party app stores. ESET classifies this adware as Android/AdDisplay.Ashas. Some of these 21 apps included are Smart Gallery (by Uranium), SaveInsta (by Uranium), Heroes Jump (by JJDO TK), Flat Music Player (by Uranium), Video downloader master (by Typhu Team) and others.
ESET states that all these apps work as intended in addition to working as adware. When the user installs the apps and launches it, the app sends smartphone data to its servers such as device type, OS version, language, number of installed apps, free storage space, battery status, if the device is on Developer mode and if Facebook and FB Messenger apps are downloaded on it or not.
There were three major ways how these apps were able to go stealth and bypass Google’s security layer.
The first method had the malicious app determining if it is being tested by Google Play security mechanism. The app receives ‘isGoogleIp’ flag, determining if the handset falls in the range of known IP addresses for Google servers. If yes, the app doesn’t trigger the adware.
The second method included the app to set a custom delay between displaying two ads. The app could set the delay by up to 24 minutes. This resulted in the app bypassing the testing procedure, which takes under 10 minutes. The longer the delay between ads, the more chance of it being slipping the security procedure.
The third method of bypassing was based on the server response. With this, the app could hide its icon and create a shortcut instead. This means that if a user tried to delete the adware app, he/she would end up removing just the shortcut and not the main app, which continues to run in the background. Also mentioned is that at times the app shows the icon of Google Play Store when a user tried to close it from the ‘Recents’ tab.
What can the adware apps do to your smartphones?
While the original intention of this adware was not revealed, the adware apps in general can result in faster battery drains, tricking users into clicking on the scam ads, increased network traffic, gather personal information among others.
The report even states that they dug out some information about the owner of the servers and the apps. It was discovered that he is an Android developer, has a YouTube channel, Facebook page and is a student from a Vietnamese university.
- 'Fortnite' Rejected From the Google Play Store, How Can You Play 'Fortnite' on Android Devices?
- How to Change Country/Region in Google Play Store
- How to set parental controls on Google Play
- Why You Should Replace Google Play With an Alternative App Store
- The 5 Best Sites for Safe Android APK Downloads
- Unfortunately Google Play Service Has Stopped? Here’s How to Fix It
- How to Update Google Play Services on Android
- Chris Hemsworth launches Android app for Centr program and offers 'first-of-its-kind workout' for new users
- Google Removes 85 Adware Applications From Play Store
- You Got Your Android In My Blackberry – How To Run Android Apps On Blackberry OS 10
- Shocking study finds there are 1 MILLION times more microplastics polluting the ocean than previously thought after investigating the guts of marine creatures
- Delete these Android apps NOW! Google says 150 Play Store downloads have hidden malware designed to infect your computer when you plug in your smartphone