Millions downloaded dozens of Android apps on Google Play infected with adware

Security researchers have found dozens of Android apps in the Google Play store serving ads to unsuspecting victims as part of a money-making scheme.

ESET researchers found 42 apps containing adware, which they say have been downloaded over 8 million times since they first debuted in July 2018.

These apps look normal but act sneakily. Once an unsuspecting user installs an adware-infected app, the app will serve full-screen ads on the device’s display at semi-random intervals. Often the apps will delete their shortcut icon, making it more difficult to remove. The adware-infected apps will also mimic Facebook and Google’s apps to avoid suspicion, likely as a way to detract from the actual ad-serving app and to keep the app the device for as long as possible.

In the background, the apps were also sending back data about the user’s device — including if certain apps are installed and if the device allows apps from non-app store sources — which could be used to install more malicious software on a device.

“The adware functionality is the same in all the apps we analyzed,” said Lukas Stefanko, one of ESET’s security researchers.

The researchers also found that the apps would check to see if an affected device was connected to Google’s servers in an effort to prevent detection. If the apps think they are being tested by Google Play’s security mechanisms, which ostensibly keep the app store free from malicious apps, the adware payload will not be triggered.

Some of those apps include Video Downloader Master, which had five million downloads; and Ringtone Maker Pro, SaveInsta and Tank Classic, which had 500,000 downloads each.

The researchers say a Vietnamese college student may be behind the adware campaign.

Google removed all of the offending apps but the researchers warned that many were still available from third-party app stores. A spokesperson confirmed all of the apps have been removed, but the search and mobile giant does not usually comment beyond acknowledging their removal.

Read more:


Android – TechCrunch

Google’s Play Store is giving an age-rating finger to Fleksy, a Gboard rival 🖕

Platform power is a helluva a drug. Do a search on Google’s Play store in Europe and you’ll find the company’s own Gboard app has an age rating of PEGI 3 — aka the pan-European game information labelling system which signifies content is suitable for all age groups.

PEGI 3 means it may still contain a little cartoon violence. Say, for example, an emoji fist or middle finger.

Now do a search on Play for the rival Fleksy keyboard app and you’ll find it has a PEGI 12 age rating. This label signifies the rated content can contain slightly more graphic fantasy violence and mild bad language.

The discrepancy in labelling suggests there’s a material difference between Gboard and Fleksy — in terms of the content you might encounter. Yet both are pretty similar keyboard apps — with features like predictive emoji and baked in GIFs. Gboard also lets you create custom emoji. While Fleksy puts mini apps at your fingertips.

A more major difference is that Gboard is made by Play Store owner and platform controller, Google. Whereas Fleksy is an indie keyboard that since 2017 has been developed by ThingThing, a startup based out of Spain.

Fleksy’s keyboard didn’t used to carry a 12+ age rating — this is a new development. Not based on its content changing but based on Google enforcing its Play Store policies differently.

The Fleksy app, which has been on the Play Store for around eight years at this point — and per Play Store install stats has had more than 5M downloads to date — was PEGI 3 rating until earlier this month. But then Google stepped in and forced the team to up the rating to 12. Which means the Play Store description for Fleksy in Europe now rates it PEGI 12 and specifies it contains “Mild Swearing”.

Screenshot 2019 10 23 at 12.39.45

The Play store’s system for age ratings requires developers to fill in a content ratings form, responding to a series of questions about their app’s content, in order to obtain a suggested rating.

Fleksy’s team have done so over the years — and come up with the PEGI 3 rating without issue. But this month they found they were being issued the questionnaire multiple times and then that their latest app update was blocked without explanation — meaning they had to reach out to Play Developer Support to ask what was going wrong.

After some email back and forth with support staff they were told that the app contained age inappropriate emoji content. Here’s what Google wrote:

During review, we found that the content rating is not accurate for your app… Content ratings are used to inform consumers, especially parents, of potentially objectionable content that exists within an app.

For example, we found that your app contains content (e.g. emoji) that is not appropriate for all ages. Please refer to the attached screenshot.

In the attached screenshot Google’s staff fingered the middle finger emoji as the reason for blocking the update:

Fleksy Play review emoji violation

 

“We never thought a simple emoji is meant to be 12+,” ThingThing CEO Olivier Plante tells us.

With their update rejected the team was forced to raise the rating of Fleksy to PEGI 12 — just to get their update unblocked so they could push out a round of bug fixes for the app.

That’s not the end of the saga, though. Google’s Play Store team is still not happy with the regional age rating for Fleksy — and wants to push the rating even higher — claiming, in a subsequent email, that “your app contains mature content (e.g. emoji) and should have higher rating”.

Now, to be crystal clear, Google’s own Gboard app also contains the middle finger emoji. We are 100% sure of this because we double-checked…

Gboard finger

Emojis available on Google’s Gboard keyboard, including the ‘screw you’ middle finger. Photo credit: Romain Dillet/TechCrunch

This is not surprising. Pretty much any smartphone keyboard — native or add-on — would contain this symbol because it’s a totally standard emoji.

But when Plante pointed out to Google that the middle finger emoji can be found in both Fleksy’s and Gboard’s keyboards — and asked them to drop Fleksy’s rating back to PEGI 3 like Gboard — the Play team did not respond.

A PEGI 16 rating means the depiction of violence (or sexual activity) “reaches a stage that looks the same as would be expected in real life”, per official guidance on the labels, while the use of bad language can be “more extreme”, and content may include the use of tobacco, alcohol or illegal drugs.

And remember Google is objecting to “mature” emoji. So perhaps its app reviewers have been clutching at their pearls after finding other standard emojis which depict stuff like glasses of beer, martinis and wine… 🤦‍♀️

Over on the US Play Store, meanwhile, the Fleksy app is rated “teen”.

While Gboard is — yup, you guessed it! — ‘E for Everyone’… 🤔

image 1 1

 

Plante says the double standard Google is imposing on its own app vs third party keyboards is infuriating, and he accuses the platform giant of anti-competitive behavior.

“We’re all-in for competition, it’s healthy… but incumbent players like Google playing it unfair, making their keyboard 3+ with identical emojis, is another showcase of abuse of power,” he tells TechCrunch.

A quick search of the Play Store for other third party keyboard apps unearths a mixture of ratings — most rated PEGI 3 (such as Microsoft-owned SwiftKey and Grammarly Keyboard); some PEGI 12 (such as Facemoji Emoji Keyboard which, per Play Store’s summary contains “violence”).

Only one that we could find among the top listed keyboard apps has a PEGI 16 rating.

This is an app called Classic Big Keyboard — whose listing specifies it contains “Strong Language” (and what keyboard might not, frankly!?). Though, judging by the Play store screenshots, it appears to be a fairly bog standard keyboard that simply offers adjustable key sizes. As well as, yes, standard emoji.

“It came as a surprise,” says Plante describing how the trouble with Play started. “At first, in the past weeks, we started to fill in the rating reviews and I got constant emails the rating form needed to be filled with no details as why we needed to revise it so often (6 times) and then this last week we got rejected for the same reason. This emoji was in our product since day 1 of its existence.”

Asked whether he can think of any trigger for Fleksy to come under scrutiny by Play store reviewers now, he says: “We don’t know why but for sure we’re progressing nicely in the penetration of our keyboard. We’re growing fast for sure but unsure this is the reason.”

“I suspect someone is doubling down on competitive keyboards over there as they lost quite some grip of their search business via the alternative browsers in Europe…. Perhaps there is a correlation?” he adds, referring to the European Commission’s antitrust decision against Google Android last year — when the tech giant was hit with a $ 5BN fine for various breaches of EU competition law. A fine which it’s appealing.

“I’ll continue to fight for a fair market and am glad that Europe is leading the way in this,” adds Plante.

Following the EU antitrust ruling against Android, which Google is legally compelled to comply with during any appeals process, it now displays choice screens to Android users in Europe — offering alternative search engines and browsers for download, alongside Google’s own dominate search  and browser (Chrome) apps.

However the company still retains plenty of levers it can pull and push to influence the presentation of content within its dominant Play Store — influencing how rival apps are perceived by Android users and so whether or not they choose to download them.

So requiring that a keyboard app rival gets badged with a much higher age rating than Google’s own keyboard app isn’t a good look to say the least.

We reached out to Google for an explanation about the discrepancy in age ratings between Fleksy and Gboard and will update this report with any further response. At first glance a spokesman agreed with us that the situation looks odd.


Android – TechCrunch

Google’s Play Store is giving an age-rating finger to Fleksy, a Gboard rival 🖕

Platform power is a helluva a drug. Do a search on Google’s Play store in Europe and you’ll find the company’s own Gboard app has an age rating of PEGI 3 — aka the pan-European game information labelling system which signifies content is suitable for all age groups.

PEGI 3 means it may still contain a little cartoon violence. Say, for example, an emoji fist or middle finger.

Now do a search on Play for the rival Fleksy keyboard app and you’ll find it has a PEGI 12 age rating. This label signifies the rated content can contain slightly more graphic fantasy violence and mild bad language.

The discrepancy in labelling suggests there’s a material difference between Gboard and Fleksy — in terms of the content you might encounter. Yet both are pretty similar keyboard apps — with features like predictive emoji and baked in GIFs. Gboard also lets you create custom emoji. While Fleksy puts mini apps at your fingertips.

A more major difference is that Gboard is made by Play Store owner and platform controller, Google. Whereas Fleksy is an indie keyboard that since 2017 has been developed by ThingThing, a startup based out of Spain.

Fleksy’s keyboard didn’t used to carry a 12+ age rating — this is a new development. Not based on its content changing but based on Google enforcing its Play Store policies differently.

The Fleksy app, which has been on the Play Store for around eight years at this point — and per Play Store install stats has had more than 5M downloads to date — was PEGI 3 rating until earlier this month. But then Google stepped in and forced the team to up the rating to 12. Which means the Play Store description for Fleksy in Europe now rates it PEGI 12 and specifies it contains “Mild Swearing”.

Screenshot 2019 10 23 at 12.39.45

The Play store’s system for age ratings requires developers to fill in a content ratings form, responding to a series of questions about their app’s content, in order to obtain a suggested rating.

Fleksy’s team have done so over the years — and come up with the PEGI 3 rating without issue. But this month they found they were being issued the questionnaire multiple times and then that their latest app update was blocked without explanation — meaning they had to reach out to Play Developer Support to ask what was going wrong.

After some email back and forth with support staff they were told that the app contained age inappropriate emoji content. Here’s what Google wrote:

During review, we found that the content rating is not accurate for your app… Content ratings are used to inform consumers, especially parents, of potentially objectionable content that exists within an app.

For example, we found that your app contains content (e.g. emoji) that is not appropriate for all ages. Please refer to the attached screenshot.

In the attached screenshot Google’s staff fingered the middle finger emoji as the reason for blocking the update:

Fleksy Play review emoji violation

 

“We never thought a simple emoji is meant to be 12+,” ThingThing CEO Olivier Plante tells us.

With their update rejected the team was forced to raise the rating of Fleksy to PEGI 12 — just to get their update unblocked so they could push out a round of bug fixes for the app.

That’s not the end of the saga, though. Google’s Play Store team is still not happy with the regional age rating for Fleksy — and wants to push the rating even higher — claiming, in a subsequent email, that “your app contains mature content (e.g. emoji) and should have higher rating”.

Now, to be crystal clear, Google’s own Gboard app also contains the middle finger emoji. We are 100% sure of this because we double-checked…

Gboard finger

Emojis available on Google’s Gboard keyboard, including the ‘screw you’ middle finger. Photo credit: Romain Dillet/TechCrunch

This is not surprising. Pretty much any smartphone keyboard — native or add-on — would contain this symbol because it’s a totally standard emoji.

But when Plante pointed out to Google that the middle finger emoji can be found in both Fleksy’s and Gboard’s keyboards — and asked them to drop Fleksy’s rating back to PEGI 3 like Gboard — the Play team did not respond.

A PEGI 16 rating means the depiction of violence (or sexual activity) “reaches a stage that looks the same as would be expected in real life”, per official guidance on the labels, while the use of bad language can be “more extreme”, and content may include the use of tobacco, alcohol or illegal drugs.

And remember Google is objecting to “mature” emoji. So perhaps its app reviewers have been clutching at their pearls after finding other standard emojis which depict stuff like glasses of beer, martinis and wine… 🤦‍♀️

Over on the US Play Store, meanwhile, the Fleksy app is rated “teen”.

While Gboard is — yup, you guessed it! — ‘E for Everyone’… 🤔

image 1 1

 

Plante says the double standard Google is imposing on its own app vs third party keyboards is infuriating, and he accuses the platform giant of anti-competitive behavior.

“We’re all-in for competition, it’s healthy… but incumbent players like Google playing it unfair, making their keyboard 3+ with identical emojis, is another showcase of abuse of power,” he tells TechCrunch.

A quick search of the Play Store for other third party keyboard apps unearths a mixture of ratings — most rated PEGI 3 (such as Microsoft-owned SwiftKey and Grammarly Keyboard); some PEGI 12 (such as Facemoji Emoji Keyboard which, per Play Store’s summary contains “violence”).

Only one that we could find among the top listed keyboard apps has a PEGI 16 rating.

This is an app called Classic Big Keyboard — whose listing specifies it contains “Strong Language” (and what keyboard might not, frankly!?). Though, judging by the Play store screenshots, it appears to be a fairly bog standard keyboard that simply offers adjustable key sizes. As well as, yes, standard emoji.

“It came as a surprise,” says Plante describing how the trouble with Play started. “At first, in the past weeks, we started to fill in the rating reviews and I got constant emails the rating form needed to be filled with no details as why we needed to revise it so often (6 times) and then this last week we got rejected for the same reason. This emoji was in our product since day 1 of its existence.”

Asked whether he can think of any trigger for Fleksy to come under scrutiny by Play store reviewers now, he says: “We don’t know why but for sure we’re progressing nicely in the penetration of our keyboard. We’re growing fast for sure but unsure this is the reason.”

“I suspect someone is doubling down on competitive keyboards over there as they lost quite some grip of their search business via the alternative browsers in Europe…. Perhaps there is a correlation?” he adds, referring to the European Commission’s antitrust decision against Google Android last year — when the tech giant was hit with a $ 5BN fine for various breaches of EU competition law. A fine which it’s appealing.

“I’ll continue to fight for a fair market and am glad that Europe is leading the way in this,” adds Plante.

Following the EU antitrust ruling against Android, which Google is legally compelled to comply with during any appeals process, it now displays choice screens to Android users in Europe — offering alternative search engines and browsers for download, alongside Google’s own dominate search  and browser (Chrome) apps.

However the company still retains plenty of levers it can pull and push to influence the presentation of content within its dominant Play Store — influencing how rival apps are perceived by Android users and so whether or not they choose to download them.

So requiring that a keyboard app rival gets badged with a much higher age rating than Google’s own keyboard app isn’t a good look to say the least.

We reached out to Google for an explanation about the discrepancy in age ratings between Fleksy and Gboard and will update this report with any further response. At first glance a spokesman agreed with us that the situation looks odd.


Android – TechCrunch

This Week in Apps: AltStore, acquisitions and Google Play Pass

The app industry shows no signs of slowing down, with 194 billion downloads in 2018 and over $ 100 billion in consumer spending. People spend 90% of their mobile time in apps and more time using their mobile devices than watching TV. In other words, apps aren’t just a way to spend idle hours — they’re a big business. And one that often seems to change overnight. In this new Extra Crunch series, we’ll help you keep up with the latest news from the world of apps — including everything from the OS’s to the apps that run upon them, as well as the money that flows through it all.

This week, alternatives to the traditional app store is a big theme. Not only has a new, jailbreak-free iOS marketplace called AltStore just popped up, we’ve also got both Apple and Google ramping up their own subscription-based collections of premium apps and games.

Meanwhile, the way brands and publishers want to track their apps’ success is changing, too. And App Annie — the company that was the first to start selling pickaxes for the App Store gold rush — is responding with an acquisition that will help app publishers better understand the return on investment for their app businesses.

Headlines

AltStore is an alternative App Store that doesn’t need a jailbreak

An interesting alternative app marketplace has appeared on the scene, allowing a way for developers to distribute iOS apps outside the official App Store, reports Engadget — without jailbreaking, which can be difficult and has various security implications. Instead, the new store works by tricking your device into thinking you’re a developer sideloading apps. And it uses a companion app on your Mac or PC to re-sign the apps every 7 days via iTunes WiFi syncing protocol. Already, it’s offering a Nintendo emulator and other games, says The Verge. And Apple is probably already working on a way to shut this down. For now, it’s live at Altstore.io.

For the third time in a month, Google mass-deleted Android apps from a big Chinese developer.

Does Google Play have a malicious app problem? That appears to be the case as Google has booted some 46 apps from major Chinese mobile developer iHandy out of its app store, BuzzFeed reported. And it isn’t saying why. The move follows Google’s ban of two other major Chinese app developers, DO Global and CooTek, who had 1 billion total downloads.

Google Firebase gets new tools


Android – TechCrunch

Google Play Pass launches with 350+ premium apps and games, initially for $1.99 per month

Following the well-received launch of Apple Arcade, Google today is officially introducing its own take on subscription-based access to premium mobile games — or, Google’s case, premium mobile apps, too. The new Google Play Pass subscription, arriving this week, will offer over 350 apps and games that are completely unlocked, with no upfront fees, in-app purchases, or advertisements. And the initial price point is something of a no-brainer — it’s just $ 1.99 per month for the first year, Google says.

That price will increase to $ 4.99 per month after the first 12 months have passed, which is the same price as Apple Arcade at launch. This launch promotion is only available until October 10, 2019, however.

The two services are similar in concept, as both are providing a large library of premium content for a monthly subscription. But there are some differences between the two.

For starters, Apple Arcade is filled with exclusives — meaning its games will not be found on Andriod. The reverse is not true for Google Play Pass. Instead, the Play Pass catalog includes many cross-platform titles, including some that even found their fame first on iOS, like ustwo’s Monument Valley.

In addition, Play Pass’s launch titles aren’t all games. There are also ad-free versions of popular mobile apps, like AccuWeather, Facetune, and Pic Stitch, for example.

Notable launch titles include Stardew Valley, Risk, Terraria, Monument Valley, Star Wars: Knights of the Old Republic, Reigns: Game of Thrones, Titan Quest, and Wayward Souls. Some lesser-known additions include LIMBO, Lichtspeer, Mini Metro, and Old Man’s Journey. Others, like This War of Mine and Cytus, are coming soon. And for little kids, there are some preschooler-friendly titles like Toca Boca classics and the My Town series.

More titles are added on a monthly basis, Google says.

pph realistic

Because it’s not relying on exclusives, Google’s catalog is more than triple the size of Apple’s at launch. That being said, Apple’s Arcade library is filled with gorgeous, high-quality games while Play Pass is rounded out with a lot of more utilities, like weather apps and photo editors.

Play Pass ticket logoLike Apple Arcade, the new subscription gets its own tab in the Google Play app, where the games are organized by genre, popularity and other factors — just like a mini app store. However, unlike Apple Arcade, where games are only found in the Arcade tab or through search, Google Play Pass titles will appear directly in the Play Store. They’ll be designated with a Play Pass ticket badge, so you can easily identify them.

The Play Pass subscription also allows the games to be shared with the whole family. The family manager can share their Play Pass subscription with up to five other family members, who can each access the titles independently. This is comparable to Apple Arcade.

We already knew Google was working on an Apple Arcade competitor before today. The Play Pass subscription’s existence had been leaked, and Google later confirmed the service with a tweet. What we didn’t yet know was the launch date, lineup, or the official pricing.

Google Play Pass service is rolling out this week to Android devices in the U.S., with more countries coming soon. A 10-day subscription is available, before it converts to the $ 1.99 per month limited promotion, followed by the $ 4.99 per month price point when the promotion ends.

While neither Apple nor Google is discussing the terms of their deals with developers, Google says that the more people who download a Play Pass title, the more the revenue developers receive on a recurring basis. It also explained that Google itself is funding the initial launch offer, so developers can gain more subscriber interest without impacting their revenue.

 

 


Android – TechCrunch