1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Google removes 85 adware-infested apps from the Play Store

By Polycount ยท 8 replies
Aug 16, 2019
Post New Reply
  1. Google has been known to pull malicious apps from its storefront from time to time; usually in large ban waves. In many cases, these apps masquerade as something beneficial, like a photo app or a game. However, when a user installs them onto their device, they often contain less-than-savory hidden software, usually malware or adware.

    The latest wave of apps banned by Google happened to contain the latter. 85 adware-infested apps have been removed from the Google Play Store -- the adware in question is known as "AndroidOS_Hidenad.HRXH," according to Trend Micro. The site says this adware is particularly frustrating to deal with because it contains "unique techniques" that help it evade detection, while also displaying unskippable, difficult-to-close (full-screen) advertisements.

    In most cases, the apps in question posed as games or photography apps. Their removal was triggered after Trend Micro security researchers sent the results of their recent adware investigation to Google.

    So, what are the "unique techniques" that this adware used to avoid immediate deletion? "Every time the user unlocks the device, the adware will perform several checks before it executes its routines," Trend Micro writes. "It first compares the current time (the device's system time) with the timestamp stored as installTime; it then compares the current network time (queried via a RESTful API) with the timestamp stored as networkInstallTime."

    Apparently, these checks allow a malicious app to determine when it's "safe" to begin displaying ads to users. The default time gap is 30 minutes, but that number can vary. Not only does this tactic reduce the risk of manual app removal or virus scans (by the user), but it also helps them evade any "time-based detection techniques" built in to Android.

    There's some good news, though: anyone who downloaded these risky apps is probably in the clear, as long as their device was running the latest version of Android. Trend Micro says this adware only seems to affect devices that are still on Android 8.0 or older, as newer versions of Android will display a confirmation dialogue box before the apps can execute their shady tasks.

    Alternatively, you could simply avoid downloading any apps that you don't trust. The tricky part of this scenario, though, is that many of these apps had fairly good reviews on the surface. Though these reviews were almost certainly faked, that could be enough to hook a casual user. That's why it's always important to read the reviews themselves before purchasing a product or downloading an app.

    Regardless, these adware-filled apps were downloaded over 8 million times in total, which seems to imply that many users didn't dig too deeply into what they were grabbing.

    Permalink to story.

    Last edited: Aug 16, 2019
  2. Uncle Al

    Uncle Al TS Evangelist Posts: 5,705   +4,044

    You know, as large as Google is and as many people they employ, you would think by now they would have figured out the benefit of having each and every app tested & evaluated by their own teams BEFORE it was allowed to be posted to their site. It's been going on way too long Google .... time to grow up and take a bit more responsibility for your actions!
    mosu and trparky like this.
  3. ziffel66

    ziffel66 TS Enthusiast Posts: 25   +17

    Great. 85 ... out of 85 million.
  4. Nero7

    Nero7 TS Evangelist Posts: 498   +236

    Those apps will all come back with slightly different name or even the same name I bet.
    toooooot likes this.
  5. toooooot

    toooooot TS Evangelist Posts: 953   +453

    Any of those was a furry dating app by chance?
    Polycount likes this.
  6. Hardware Geek

    Hardware Geek TS Booster Posts: 111   +91

    Let me guess. You're asking for a friend?
    Polycount likes this.
  7. Danny101

    Danny101 TS Guru Posts: 848   +329

    Because Google can't bother to QA.
  8. lazer

    lazer TS Addict Posts: 261   +60

    Don't understand, doesn't Google check out each app before allowing it on the Play Store?
  9. Markoni35

    Markoni35 TS Addict Posts: 312   +130


Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...