Google gets help cleaning out the Google Play swamp

Google has launched the App Defense Alliance, a partnership with three security companies to spot real or potentially harmful apps in Google Play. “The Android ecosystem is thriving with over 2.5 billion devices, but this popularity also makes it an attractive target for abuse,” explained Dave Kleidermacher, VP of Android Security & Privacy at Google.

The App Defense Alliance is an effort to review and filter out the bad apps before they listed. It has Google integrating its own detection systems with those of its three partner’s scanning engines. “Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store,” he added. The three security companies are ESET, Lookout, and Zimperium.

Android and the Play Market are the most popular operating system and source of apps for smart phones. The number of apps currently available in Google Play is relatively stable at 2.8 million according to Statista.

Looking for incoming bad stuff in Google Play

Given its size, Google Play has a relatively clean reputation – especially in comparison to the informal off-market app sources. However, there are examples of malware being placed into the market. The two critical parts of this news blast about the App Defense Alliance is that it is not intended to be a substitute for on-phone security apps and also that it is forward looking, an additional review “prior to an app going live”. This means it is not going to clean out the questionable apps which are already in the market but the pipeline before they are placed there.

Let’s talk about the questionable stuff already there

There are cases of bad and abusive apps already happily in Google Play, things like stalkerware, adware, and Potentially Unwanted Apps(PUA). Here are two examples of them.

This legitimate Black Friday coupon app listed below is one of them. It can be found on Google Play:

,

The reviews show that some users find the ads too aggressive and Avira is detecting this app as ADWARE/ANDR.Airpush.W.Gen. This is an example of the questionable stuff that is available in Google Play.

Here are some less positive user comments:

While coupons might seem frivolous, how about spyware — apps that can unmask your activities or that of a significant other? This All Tracker Family app mentioned below is able to spy on your spouse by using their mobile phone to view their mobile screen, viewing their phone camera remotely, listening to their phone microphone, viewing their location, reading their Messenger/WhatsApp, Viber messages, tracking their location and getting files from their phone.

“If you look through the reviews you can also find who say they caught their wife cheating with this app,” pointed out Mihai Grigorescu, malware researcher at Avira. “I would say it is definitely a privacy risk — We are detecting it as SPR/ANDR.Catwatch.pdtmn.”

You are still important

The App Defense Alliance announcement is a positive step to keep the swamp from getting more swampy. However, there is already a lot of mud there in terms of adware, questionable apps, and those stealing your private data. Security apps such as those by Avira help identify malware and suspect apps. But don’t forget your role. You, as the person selecting the apps to place on the device, still have an important job to do in maintaining the security and integrity of your device.

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.