Malicious adware found in 238 Google Play Store apps

Carefully disguised adware rendering smartphones and tablets practically useless has been found in 238 applications on Google’s Play Store, potentially affecting in excess of 440 million Android devices.

The findings were announced in a blog post by mobile security company Lookout, who discovered the issue and promptly reported it to Google. All offending software has since been removed from the Play Store or updated to no longer include the plugin responsible.

All of the applications were produced by Chinese mobile developer CooTek, including popular free keyboard TouchPal, which has been installed more than 100 million times.

The plugin, known as BeiTaAd, appears harmless in the immediate aftermath of any installation, misleading the user into believing any subsequent issues are not linked to such applications.

However, at any time between 24 hours and two weeks following installation, the infected applications begin to show out-of-app-ads. As opposed to banner or pop-up adverts, they display in the lock screen, playing audio and video involuntarily. These can even be triggered when the device was asleep.

The developers went to great lengths to ensure their plugin was undetectable, including renaming files in order to make users less aware it had the power to execute code.

Nonetheless, concerns have been raised as to how Google Play Protect, the tech giant’s malware protection for Android, failed to detect the adware, considering the applications were available and installed by millions of users for months. In TouchPal’s reviews on the Google Play Store, users had complained about the intrusive ads for some time.

This latest security breach will do little to abate Android users’ growing security concerns. While Apple continues to prioritise privacy, which it calls a “fundamental human right”, issues over the integrity of applications available on Google’s open-source operating system continue to mount.