Play Store Removes Apps for Personal Data Harvesting
As reported by BBC, Google has recently removed a bunch of apps from Play Store. The apps were found to gather personal data, including phone numbers, location data, and emails of users. Some of the apps also included the Sharkbot malware that was accused of stealing bank information. Third parties managed to collect data from over 15,000 users before those apps were deleted.
Hard to Tell
As the report says, the infected apps were quite hard to be called malicious as they included a QR scanner, a Muslim prayer app, and a simple weather app. Some of the apps were downloaded over 1 million times, but it wasn’t possible to determine if they stole data or not.
Google says that Play Store requires all developers to comply with its strict policies. Any malicious, deceptive, or abusive apps are prohibited from the platform. Besides, all the developers are instructed to be transparent about all the information they gather and share with third parties. However, Google still needs time to identify and remove such apps as not all developers comply.
For example, Sharkbot-infected apps could use the enabled geofencing feature on attacked phones to steal logins and passcodes of users from the UK and Italy. Another recently identified app included a sneaky trojan masked as an open-source alternative to a similar popular app. Over 10K users installed it before it was eliminated.
It’s great that Google manages to detect and delete malicious apps, but the question is why the company can’t moderate the Play Store better to eliminate such apps before they become available for download. Hopefully, Google knows what to do with this problem and will soon make its store as secure as Apple’s. Have you ever downloaded malicious apps? Did they steal something from you? You can tell about your experience in the comments and share this report with other Android users to make them aware of the threats.