An X-ray Scan application? A tool to detect lies? In Google Play there are many apps with doubtful behavior. Obviously, neither of the ones mentioned deliver what they promise. Most are just looking to bombard with advertising, but there are some cases of undercover malware, like the game Balloon Pop 2 (which has already been removed from the platform), that stole WhatsApp conversations of those who installed it in their phones.
The online store of Android operating system has been repeatedly accused of accepting any software without a thorough analysis of their origin, functionality or permits. Nevertheless, Google disregarded the critics and kept using the same methods to verify whether an application meets the requirements.
The Mountain View giant uses a system known as Bouncer, an automated process that supposedly analyzes the tools before published them, rejecting them if it detects any type of malware or fraudulent behavior. However, the platform’s catalog shows that it doesn’t always fulfill its tasks effectively.
It seems like now Google has changed its mind. The company recently announced that the verification will no longer be automated but it will incorporate human inspections attempting to improve the process. Stating that this is not a future intention, the new mechanics has been several months in place.
According to the company, a team of experts review the applications and identifies possible violations of the policy established for developers. The new addition will help the products to be published on the platform “within minutes or hours after sending them, instead of days or weeks.” Although, maybe is the speed one of the reasons why there is a lack in the control.
In the same statement they announced that there will also be an increase of the information provided to the developers about the evaluation and publication process. They will receive a more detailed “feedback” in order to know why their tool has been rejected or suspended, so they can remedy any irregularities.
Although Google has started walking in the right direction (or at least shows that intention), is difficult to evaluate yet if their efforts will produce the expected results. Nevertheless, there still remains an important point that is not even mentioned in their announcement: what will happen with the fraudulent or malicious applications already published on the platform?
There is no need to go far back in time to check that there are still new apps being detected as illegal behavior. Security experts from the Spanish National Institute of Cybersecurity recently alerted of the existence of two applications (Naked Scanner and Super Jumper X) whose alleged functionality is to see people in their underwear.
Those who fall into the trap end up subscribed to a premium messages service that is reflected on their phone bill. As if this wasn’t enough, one of these apps offered their users to download an antivirus after showing them fake security alerts. Sadly for many users this warning arrived late: Naked Scanner exceeds 50.000 downloads and Super Jumper X has more than 1.000.
Given this scenario, it seems risky to lower your guard. Keep paying attention to the applications you download from Google Play and do not trust services that promise a little or no realistic product: they are usually a scam.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
