Google Pulls 500+ Backdoored Apps With Over 100 Million Downloads From Google Play (helpnetsecurity.com)
Orome1 shares a report from Help Net Security: Security researchers have identified over 500 apps on Google Play containing an advertising software development kit (SDK) called Igexin, which allowed covert download of spying plugins. The apps in question represent a wide selection of photo editors, Internet radio and travel apps, educational, health and fitness apps, weather apps, and so on, and were downloaded over 100 million times across the Android ecosystem. Lookout researchers did not name the apps that were found using the malicious SDK, but notified Google of the problem. The latter then proceeded to clean up house, either by removing the offending apps altogether, or by forcing app developers to upload an updated version with the invasive features (i.e. the Igexin SDK) removed. "Users and app developers have no control over what will be executed on a device after the remote API request is made. The only limitations on what could potentially be run are imposed by the Android permissions system," the researchers pointed out. "It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server. Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality -- nor are they in control or even aware of the malicious payload that may subsequently execute. Instead, the invasive activity initiates from an Igexin-controlled server."
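The pattern the researchers describe, an app that ships clean and later pulls executable code from a server it does not control, leaves a static footprint that a developer or reviewer can look for before an SDK is bundled: a runtime class loader reference next to a URL that points at a loadable artefact. The script below is an added example written for this summary; it is not Lookout's tooling, not code from the report, and it knows nothing about the real Igexin SDK. The dalvik/ART class descriptors it searches for are real framework names; the APK it scans is a constructed in-memory sample, and the "verdict" thresholds are this example's own assumption.

```python
"""Static triage for runtime code loading in an APK (added example, not from the report)."""
import io
import re
import zipfile

# Real ART/dalvik class descriptors as they appear in a dex string table.
# Seeing one of these is NOT proof of abuse: multidex and plugin frameworks use them too.
LOADER_DESCRIPTORS = {
    b"Ldalvik/system/DexClassLoader;": "DexClassLoader",
    b"Ldalvik/system/PathClassLoader;": "PathClassLoader",
    b"Ldalvik/system/InMemoryDexClassLoader;": "InMemoryDexClassLoader",
    b"Ldalvik/system/DexFile;": "DexFile",
}

# A URL literal ending in something a class loader could consume.
PAYLOAD_URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?:/[\w.\-%]*)*\.(?:dex|jar|apk|zip)\b")

# Standard dex entries: classes.dex, classes2.dex, ...
DEX_NAME_RE = re.compile(r"^classes\d*\.dex$")


def scan_dex(entry_name: str, blob: bytes) -> list:
    """Return findings for one dex blob: loader descriptors and payload-style URLs."""
    findings = []
    for descriptor, label in LOADER_DESCRIPTORS.items():
        if descriptor in blob:
            findings.append({"file": entry_name, "kind": "loader", "detail": label})
    for m in PAYLOAD_URL_RE.finditer(blob):
        findings.append({"file": entry_name, "kind": "payload_url",
                         "detail": m.group(0).decode("ascii")})
    return findings


def scan_apk(apk_bytes: bytes) -> list:
    """Walk the APK (a zip) and scan every dex; also flag bundled dex/jar outside the standard slots."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            if DEX_NAME_RE.match(info.filename):
                findings.extend(scan_dex(info.filename, z.read(info.filename)))
            elif info.filename.lower().endswith((".dex", ".jar")):
                # e.g. assets/plugin.jar: code shipped for a loader to pick up later
                findings.append({"file": info.filename, "kind": "bundled_code",
                                 "detail": "non-standard dex/jar entry"})
    return findings


def verdict(findings: list) -> str:
    """Assumed triage rule: a loader plus something to load matches the remote-plugin pattern."""
    kinds = {f["kind"] for f in findings}
    if "loader" in kinds and ("payload_url" in kinds or "bundled_code" in kinds):
        return "review"
    if kinds:
        return "info"   # a loader on its own is routine; worth a look, not an alarm
    return "clean"


def build_sample_apk() -> bytes:
    """Constructed sample APK for the demo: a fake dex string table, not a real app and not Igexin."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        suspicious = (b"dex\n035\0"
                      + b"Landroid/app/Activity;\0"
                      + b"Ldalvik/system/DexClassLoader;\0"
                      + b"http://ads.example.invalid/plugins/update.jar\0")
        z.writestr("classes.dex", suspicious)
        clean = b"dex\n035\0" + b"Lcom/example/photo/Editor;\0"
        z.writestr("classes2.dex", clean)
    return buf.getvalue()


if __name__ == "__main__":
    hits = scan_apk(build_sample_apk())
    for h in hits:
        print(f"{h['file']}: {h['kind']} -> {h['detail']}")
    print("verdict:", verdict(hits))
```

Run it against a real APK by replacing `build_sample_apk()` with the file's bytes; the useful signal is the combination, since nearly every large app references a class loader for legitimate reasons, while an ad SDK that both references one and carries a URL ending in `.jar` or `.dex` is exactly the shape of the behaviour quoted above.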
Igexin won't name them either. Like many companies, they have a page on their site to brag on who uses their SDK. None are listed.
What's the point of source material that doesn't include a list of the apps?
According to the Ars Technica article, the researchers say they didn't publish a list of the apps to avoid punishing app developers who didn't realize that the Igexin SDK could download and execute plugins which could potentially exfiltrate user data that the app had permission to see.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Igexin was a legitimate ad network at one point, but it contained an update mechanism which could be abused later (and downloading malicious components later was one way to evade Google's malware scanners). The apps are being removed/updated to prevent future abuse, not only to stop current abuse; the list of affected apps is being withheld because not all of the apps/developers were malicious.