Android Users Falling Prey to Rogue Apps. What To Do about It
India is one of the largest markets for Smartphones that use Google's Android operating system (OS). However, due to lack of digital literacy, many Indian continue to fall victim of new threats like click fraud, Trojans, spyware and hostile down-loaders. Alarmingly, many popular handsets from different mobile-makers have been found to have backdoors, or harmful apps, disguised as system apps pre-installed, across the globe!
Google, in its annual report for 2018—Android Security & Privacy Year in Review—says that the most common threats in India were: a video app which mines crypto-currency in the background (without the knowledge of the user) and various Trojans. Sometimes, backdoors are installed when the user tries to upgrade the OS over the air (OTA) from websites other than the manufacturer’s. Let’s understand what these are.
According to Google, during 2018, India was one of biggest targets for Trojans, at 22.4%, followed by Germany, at 6.5%. About 0.007% of all app installs and 16% of all potentially harmful applications (PHA) installed through Google Play were infected with Trojans in 2018. As crypto-currency prices rose dramatically at the end of 2017 and early 2018, the number of malicious actors also rose. Google Play Protect started warning users about the potential problems of crypto-currency mining on their devices. In 2018, four of the top-11 Trojans were crypto-currency miners, all embedded in a popular video-player app, Google says.
In February this year, security researchers at ESET discovered a dangerous clipper malware app called MetaMask that steals bitcoin and other crypto-currencies from a user’s phone. AIMP, a popular audio-player with over 10 million downloads, was found being used for mining of crypto-currencies.
The most commonly used Trojan is the Idle Coconut family which turns affected devices into endpoints for commercial virtual private network (VPN)-providers without the knowledge or consent of the device owner. For app installations from outside Google Play, India accounted for 27.7% of Trojan activity, particularly apps that try to mine crypto-currency in the background without user consent.
Hostile Down-loaders: As the name suggests, hostile down-loaders are apps that facilitate installation of other apps with or without the knowledge of the user. India accounted for 18.9% of such threats. The main reason for the spread of hostile down-loaders is apps downloaded from third-party app stores or the user trying to fall victim of click baits, especially from messages spread from social media or WhatsApp, in particular.
Some of these apps (now banned by Google) were downloaded by more than one million users. These include, Pro Camera Beauty, Cartoon Art Photo and Emoji Camera. Trend Micro had listed 29 such camera- or photo-related apps, some of which used to show full screen ads or pop-up ads. On clicking the pop-up ads, a pornography player was downloaded; but since it was a paid app, it was incapable of playing the content.
For example, small messages that promised huge discount on the latest mobile handset contain links to a webpage which asks the user to download, install and run several unnecessary (or not required for the user) apps. This is done by scammers to earn money from companies that are eager to increase the number of their app users.
SMS Fraud: According to Google, the next biggest threat in India is SMS fraud that comprised 0.003% of Google Play app installed and 6.8% of total PHAs. India is not as highly targeted, with only 2.1% of such threats being directed here. Google says that, as of October 2018, an app cannot even ask for SMS permissions in Android unless the user has set it as his or her default SMS app.
The Dangerous Players: The review report from Google also lists some of the most dangerous PHA families. These include, Chamois (199 million installs), Snowfox (16 million installs), Cosiloon, BreadSMA (11 million installs), View SDK (5.2 million installs), Triada, CardinalFall, FlashingPuma, EagerFonts (12 million) and Idle Coconut.
What To Do?
Unusual activities or very high usage of mobile processor and random access memory (RAM) even when you are not using any heavy app, such as games or watching movies, is a good marker. The best way to prevent compromising your mobile phone is to use an antivirus suite or applications.
In addition, limit the number of apps installed on your phone or even uninstall apps that you no longer use or have no idea how it was installed in the first place.
Before installing any app, do a fair amount of research. One way to check the legitimacy of an app is to visit the site of the app developer and check if the app is, indeed, listed there as well, besides on the Google Play store. Do read user comments on the Play store. It would help you understand the pros and cons of the app.
We take our digital life for granted. You need protect it as much as you protect your real life.