Nine apps with 5.8 million downloads kicked from Google Play store for stealing Facebook...

midian182

Posts: 7,081   +62
Staff member
What just happened? We’re often told to be careful when it comes to sideloading apps from outside of the Play Store, but the marketplace has seen its fair share of malicious applications. Joining the list are nine apps that Google has just removed for stealing users’ Facebook login details. The worrying part is that they were downloaded more than 5.8 million times.

Dr. Web (via Ars Technica) reports that, like many malicious apps, these performed their advertised functions, such as photo editing, exercise and training, horoscopes, and removing junk files from a phone. They also offered a way to disable their in-app ads by logging into a user’s Facebook account.

The trojans loaded real Facebook login pages with fields for usernames and passwords, but they also loaded JavaScript received from the C&C server into the same WebView. This script was used to hijack login credentials, which were then passed through the app and to the command server. The apps could also steal cookies from the authorization session.

Five malware variants hidden within the apps were identified, all of which used the same JavaScript code and configuration file formats to steal user data.

Most of the 5.8 million downloads were from an app called PIP Photo. This was followed by Processing Photo, which had more than 500,000 downloads. Rubbish Cleaner, Inwell Fitness, and Horoscope Daily all had over 100,000 downloads.

A Google spokesman says the apps have now been removed from the store, and the developers have been banned from submitting any new apps—though they could always submit under a different name.

Back in 2019, malware was discovered in a Google Play app with over 100 million downloads. We’ve also seen several other examples of malicious apps sneaking their way onto the store.

Permalink to story.

 

trparky

Posts: 946   +1,009
Another day, another batch of apps removed from the Play Store. Par for the course for Google's lack of an extensive app review process.

Note, I'm not at all saying that Apple's app review process is perfect because it's got its issues too but still; when compared to that of Google, it makes Google look like idi0ts.
 

Dimitriid

Posts: 955   +1,768
What Google really needs to do is isolate apps from each other. This would solve a lot of problems.

Yep: We know Google is very well versed in containers with ample support for things like docker and we know ARM processors now have the power to spare so as long as there's careful resource management, containerization would be a good solution to keep apps within their respective lanes.
 
Last edited:

Vanderlinde

Posts: 47   +42
A abandoned app usually gets taken over, new malware being injected and pushed as a update. It happens in most software stores such as wordpress, google and sometimes apple's. But apple's software stack is way more strict then google. Start with that, and the problem itself will clear itself out. The amount of **** apps you have these days in the stores with dev's trying to sqeeze everything out of their users is just sickening. I mean try tinder these days. It's just an app thats designed among exploiting of females or even males, by constantly triggering you to buy a subscription or view (forced) advertisements.

In the 90's we had shareware CD's with tools that did'nt had such a thing (at all) to jack up revenue. If a product was good people buy it.
 

Eldritch

Posts: 341   +524
A abandoned app usually gets taken over, new malware being injected and pushed as a update. It happens in most software stores such as wordpress, google and sometimes apple's. But apple's software stack is way more strict then google. Start with that, and the problem itself will clear itself out. The amount of **** apps you have these days in the stores with dev's trying to sqeeze everything out of their users is just sickening. I mean try tinder these days. It's just an app thats designed among exploiting of females or even males, by constantly triggering you to buy a subscription or view (forced) advertisements.

In the 90's we had shareware CD's with tools that did'nt had such a thing (at all) to jack up revenue. If a product was good people buy it.

Most people put up with ads unless they are excessive. People don't want to buy apps as far as they can. Some do but majority don't.

Also, every thing is subscription based now as it allows corporations to extract greater sum over years and also as the reality is that services are now server based so they require constant cost to maintain. Old days when an software ran on our computer was another story as there were no server costs. Even at that time most softwares had yearly licenses and next big version will have to be purchased again albeit for a discounted price for upgrading customers.

Devs are squeezing customers is very generic assertion and not fair. There are many devs who made amazing apps for free and even without any ads or monetization or privacy intrusion.
There are millions of devs now and some are bound to be selfish jerks or even worse. Most devs that I know of respect user privacy.

That being said, the Ad trackers that people use in apps are another story altogether. We can't expect all devs to work for free and Ad services push them for various kinds of data and many permissions including phone state and contacts etc. It's a slippery slope. Most don't do it. Some do. Not fair for all devs to get a bad rep for actions of some.
 

pmshah

Posts: 173   +35
The application creator must sign a no contest bond if they exceed their brief. Very often I find apps requesting ridiculous permission. Why does my Wifi manager need access to my contact list or photos? Why does my messenger need my location? Why does my health band application want to manage my calls and messages?

The list is endless. I simply abort the application from installing it.
 

Koguma

Posts: 6   +3
What Google really needs to do is isolate apps from each other. This would solve a lot of problems.

Ugh, why do people not read or understand articles?!?

This has NOTHING to do with app isolation. It's users being complete greedy tards and giving the apps their Facebook logins to get rid of ads. Yes, the apps give a fake FB login, but you should be hella suspicious when all you need to do is "login to Facebook" to disable ads.
 

ZedRM

Posts: 616   +387
Ugh, why do people not read or understand articles?!?

This has NOTHING to do with app isolation.
How do you not understand the connection? Apps stealing login credentials from facebook users would easily be prevented but isolating apps from one another.
It's users being complete greedy tards and giving the apps their Facebook logins to get rid of ads. Yes, the apps give a fake FB login, but you should be hella suspicious when all you need to do is "login to Facebook" to disable ads.
It seems to be you failing to understand context here..