A recent study by Japanese security software company Trend Micro has uncovered nearly 900,000 fake Android apps floating around in the wild, designed to fool users into downloading them before stealing user data and aggressively serving ads.
The company cataloged the top 50 free Android apps in the Google Play Store, and then searched the same store to see if fake versions of the same apps were present. For 77% of the apps in the top 50, at least one fake version existed on the store, cleverly disguised to look and act like the real apps but loaded with malicious code.
Even more concerning for Android users is the sheer volume of fake apps Trend Micro uncovered in a survey conducted in April. The company found 890,482 different fake apps spread throughout many app stores and online forums. More than half of the apps were malicious: 394,263 were malware and 59,185 contained aggressive adware.
While the Google Play Store only contained a selection of these fake applications, it was still possible for people with malicious intent to infiltrate the most popular Android app store. The most common type of fake app disguised itself as antivirus software, often asking users to approve a wide set of privileges beyond what would be necessary for actual antivirus software.
Trend Micro highlighted in particular an app called 'Virus Shield', which was found on the Google Play Store with a 4.7-star rating, 10,000+ downloads and a price of $3.99. The app did absolutely nothing and was a complete scam, but it still managed to reach the top new paid apps section of the Store before Google removed it.
The report from Trend Micro comes just as Google announced Project Zero, designed to find vulnerabilities in third-party software. JD Sherry, VP of technology and solutions at Trend Micro, thought this was particularly ironic considering the prevalence of fake apps in the Play Store. Sherry strongly suggested Google "take aim" at its own stores as part of the project.