Nine apps with 5.8 million downloads kicked from Google Play store for stealing Facebook...

midian182

midian182

Posts: 9,741   +121
Staff member
What just happened? We’re often told to be careful when it comes to sideloading apps from outside of the Play Store, but the marketplace has seen its fair share of malicious applications. Joining the list are nine apps that Google has just removed for stealing users’ Facebook login details. The worrying part is that they were downloaded more than 5.8 million times.

Dr. Web (via Ars Technica) reports that, like many malicious apps, these performed their advertised functions, such as photo editing, exercise and training, horoscopes, and removing junk files from a phone. They also offered a way to disable their in-app ads by logging into a user’s Facebook account.

The trojans loaded real Facebook login pages with fields for usernames and passwords, but they also loaded JavaScript received from the C&C server into the same WebView. This script was used to hijack login credentials, which were then passed through the app and to the command server. The apps could also steal cookies from the authorization session.

Five malware variants hidden within the apps were identified, all of which used the same JavaScript code and configuration file formats to steal user data.

Most of the 5.8 million downloads were from an app called PIP Photo. This was followed by Processing Photo, which had more than 500,000 downloads. Rubbish Cleaner, Inwell Fitness, and Horoscope Daily all had over 100,000 downloads.

A Google spokesman says the apps have now been removed from the store, and the developers have been banned from submitting any new apps—though they could always submit under a different name.

Back in 2019, malware was discovered in a Google Play app with over 100 million downloads. We’ve also seen several other examples of malicious apps sneaking their way onto the store.

Permalink to story.

https://www.techspot.com/news/90300-nine-apps-58-million-downloads-kicked-google-play.html

 
Another day, another batch of apps removed from the Play Store. Par for the course for Google's lack of an extensive app review process.

Note, I'm not at all saying that Apple's app review process is perfect because it's got its issues too but still; when compared to that of Google, it makes Google look like idi0ts.
 
  • Like
Reactions: TheElder and PEnnn
ZedRM said:
What Google really needs to do is isolate apps from each other. This would solve a lot of problems.
Click to expand...

Yep: We know Google is very well versed in containers with ample support for things like docker and we know ARM processors now have the power to spare so as long as there's careful resource management, containerization would be a good solution to keep apps within their respective lanes.
 
Last edited:
  • Like
Reactions: TheElder, Eldritch, Charles Olson and 3 others
A abandoned app usually gets taken over, new malware being injected and pushed as a update. It happens in most software stores such as wordpress, google and sometimes apple's. But apple's software stack is way more strict then google. Start with that, and the problem itself will clear itself out. The amount of **** apps you have these days in the stores with dev's trying to sqeeze everything out of their users is just sickening. I mean try tinder these days. It's just an app thats designed among exploiting of females or even males, by constantly triggering you to buy a subscription or view (forced) advertisements.

In the 90's we had shareware CD's with tools that did'nt had such a thing (at all) to jack up revenue. If a product was good people buy it.
 
  • Like
Reactions: PEnnn and Wereweeb
Vanderlinde said:
A abandoned app usually gets taken over, new malware being injected and pushed as a update. It happens in most software stores such as wordpress, google and sometimes apple's. But apple's software stack is way more strict then google. Start with that, and the problem itself will clear itself out. The amount of **** apps you have these days in the stores with dev's trying to sqeeze everything out of their users is just sickening. I mean try tinder these days. It's just an app thats designed among exploiting of females or even males, by constantly triggering you to buy a subscription or view (forced) advertisements.

In the 90's we had shareware CD's with tools that did'nt had such a thing (at all) to jack up revenue. If a product was good people buy it.
Click to expand...

Most people put up with ads unless they are excessive. People don't want to buy apps as far as they can. Some do but majority don't.

Also, every thing is subscription based now as it allows corporations to extract greater sum over years and also as the reality is that services are now server based so they require constant cost to maintain. Old days when an software ran on our computer was another story as there were no server costs. Even at that time most softwares had yearly licenses and next big version will have to be purchased again albeit for a discounted price for upgrading customers.

Devs are squeezing customers is very generic assertion and not fair. There are many devs who made amazing apps for free and even without any ads or monetization or privacy intrusion.
There are millions of devs now and some are bound to be selfish jerks or even worse. Most devs that I know of respect user privacy.

That being said, the Ad trackers that people use in apps are another story altogether. We can't expect all devs to work for free and Ad services push them for various kinds of data and many permissions including phone state and contacts etc. It's a slippery slope. Most don't do it. Some do. Not fair for all devs to get a bad rep for actions of some.
 
The application creator must sign a no contest bond if they exceed their brief. Very often I find apps requesting ridiculous permission. Why does my Wifi manager need access to my contact list or photos? Why does my messenger need my location? Why does my health band application want to manage my calls and messages?

The list is endless. I simply abort the application from installing it.
 
ZedRM said:
What Google really needs to do is isolate apps from each other. This would solve a lot of problems.
Click to expand...

Ugh, why do people not read or understand articles?!?

This has NOTHING to do with app isolation. It's users being complete greedy tards and giving the apps their Facebook logins to get rid of ads. Yes, the apps give a fake FB login, but you should be hella suspicious when all you need to do is "login to Facebook" to disable ads.
 
Koguma said:
Ugh, why do people not read or understand articles?!?

This has NOTHING to do with app isolation.
Click to expand...
How do you not understand the connection? Apps stealing login credentials from facebook users would easily be prevented but isolating apps from one another.
Koguma said:
It's users being complete greedy tards and giving the apps their Facebook logins to get rid of ads. Yes, the apps give a fake FB login, but you should be hella suspicious when all you need to do is "login to Facebook" to disable ads.
Click to expand...
It seems to be you failing to understand context here..
 
You must log in or register to reply here.

Similar threads

midian182
  • Locked
Google sues alleged crypto scammers who uploaded fraudulent apps to the Play Store
Replies
24
Views
282
emmzo
E
D
Google is cracking down on third-party apps that block YouTube ads
2
Replies
25
Views
281
Underdog
Underdog
midian182
OpenAI transcribed over a million hours of YouTube videos to train its LLMs, Google engaged in same practice
Replies
5
Views
101
daffy duck
D

Latest posts

Back