Slashdot Mirror


Researchers Find Google Play Store Apps Were Actually Government Malware (vice.com)

Security researchers have found a new kind of government malware that was hiding in plain sight within apps on Android's Play Store. And they appear to have uncovered a case of lawful intercept gone wrong. An anonymous reader writes: This new case once again highlights the limits of Google's filters that are intended to prevent malware from slipping onto the Play Store. In this case, more than 20 malicious apps went unnoticed by Google over the course of roughly two years. Motherboard has also learned of a new kind of Android malware on the Google Play store that was sold to the Italian government by a company that sells surveillance cameras but was not known to produce malware until now. Experts told Motherboard the operation may have ensnared innocent victims as the spyware appears to have been faulty and poorly targeted. Legal and law enforcement experts told Motherboard the spyware could be illegal. The spyware apps were discovered and studied in a joint investigation by researchers from Security Without Borders, a non-profit that often investigates threats against dissidents and human rights defenders, and Motherboard. The researchers published a detailed, technical report of their findings on Friday.


  1. Re:Run new apps through a proxy... by MooseTick · Score: 4, Insightful

    "It's a pretty good idea to run new apps in an environment where you can monitor network traffic and see what they are sending."

    Yeah. Everyone should do that the next time they install and/or update any app. It makes sense and we all love and know how to analyze network traffic. I'd also add waiting at least a year before using the app on a live device just in case it waits a while to exfiltrate data.

    Or, we can all use burner phones and rotate them monthly so it's harder to be tracked. That would literally be an easier solution than isolating, monitoring, and analyzing network traffic for each app and determining they are not doing anything suspect.