Two Android apps with 1.5 million downloads were secretly clicking on ads

August 29, 2019 TH Author

Two Android apps available in the Google Play Store, which had racked up over 1.5 million downloads between them, used a new trick to secretly click on ads without the knowledge of smartphone users.

According to researchers at security company Symantec, the two apps were in the Play Store for almost a year before being discovered. After Symantec told Google about the behaviour of the apps they were removed from the app store.

The two apps — a notepad app called ‘Idea Note: OCR Text Scanner, GTD, Color Notes’ and a fitness app ‘Beauty Fitness: daily workout, best HIIT coach’ – were packed using legitimate packers originally developed to protect the intellectual property of Android applications, Symantec said. As these packers can change the flow of an Android Package Kit this makes it more difficult for researchers who want to understand its inner workings.

The apps also use a sneaky way to display ads while keeping them hidden from the user, effectively placing the adverts outside of the device’s viewable screen area – which means the user simply can’t see it.

“Using this tactic allows advertisements, and any other potentially malicious content, to be displayed freely. The app can then initiate an automated ad-clicking process that produces ad revenue,” Symantec said. But as the app generates these ‘ghost’ clicks on ads to make money, users could find their smartphone batteries drained, their device slowing down or even running out of data, thanks to frequent visits to ad websites.

“The apps’ use of Android packers and the unusual method of hiding advertisements adds a level of complexity for security researchers,” said Symantec. Symantec said it “strongly” encourages users to manually uninstall these apps from their devices.

Earlier this year Google has revealed that malware installed from Google Play grew by 100 percent last year. But the company says the main reason for the growth is that for the first time its definition of “potentially harmful apps” now includes click-fraud apps.