There’s a widespread belief among mobile users that the apps they install in their devices are safe as long as they come from primary app stores such as Google’s Play Store or the Apple App Store. However, that is not always the case.
It turns out that some apps in Play Store come with a surprising setback. If you happened to download Durak, a solitaire card game, from the app store, you would know what I mean. Security researchers from Avast has reported about the risks associated with this app, which seemed to have snuck through the radar of Google’s security team that verifies items in Play Store.
According to the findings, Android users initially noticed having seen advertisements that popped up on their screen after unlocking their phones and asked them to click on the accompanying link in order to purportedly clean up their machine. Further inquiry points to a webpage that users have been led to and which contained malware. There are various pieces of malware involved here, some of which could run malicious operations in your device, steal personal and sensitive data and install malicious apps in the background without your knowledge.
And this did not seem to happen only once. According to Avast, the process takes place everytime a user unlocks a device. The ad also displays different reasons to click on the associated link, such as a compromise in the device or a need to update software. If you know your handset very well, you would immediately conclude that you are being duped. If you try to respond to the fraudulent request at your own risk, you would be redirected to third-party app stores whose security status bears no guarantee.
Current count of downloads for the Durak app has eclipsed 10 million according to the Play Store’s stats, which means there are millions of users who are now potentially exposed to the malware, and unless Google acts promptly on the issue, there will be more to be affected. There’s word from the search giant, quite fortunately, that the app has been removed from Play Store.
However, there remains to be a problem with the attack vector being left open. The onus is now on the millions of users who have downloaded the app. Which brings up the question: could Google help to clean the devices of individual users from the infection of Durak?
More importantly, questions arise as to the security level that Google is implementing on Play Store.