Google Play has banned dozens of apps from its app store, reportedly due to hidden data-harvesting spyware that has been linked to US intelligence.
The apps had been used by millions. While Google is rolling out new security measures for the Play Store, it won't be able to fully ensure the massive collection of apps doesn't include hidden malware or spyware.
Here's what to know about the latest example of malicious software on Google Play, and how you can stay safe.
Now We Have to Worry About Spyware
All of the apps in question held the same piece of code, according to the Wall Street Journal article that broke the story. The code was designed to quietly hoover up data including the device's current location, email addresses, phone numbers, and more.
The most interesting part of the story is the Wall Street Journal's allegation that it found a paper trail tying this exact code to a contractor that works for the US government.
“The Panamanian company that wrote the code, Measurement Systems S. de R.L., is linked through corporate records and web registrations to a Virginia defense contractor that does cyber intelligence, network-defense and intelligence-intercept work for U.S. national-security agencies,” said the Wall Street Journal.
The code was first uncovered by two researchers — Serge Egelman from UC Berkeley and Joel Reardon from the University of Calgary — who then informed federal regulators as well as Google. According to Egelman, the code can “without a doubt be described as malware.” Google appears to agree, given that they've now removed all the apps.
Can Google Play Updates Prevent Malware?
Google is also rolling out updates aimed at boosting its app store's security. Later this year, it will begin hiding and blocking downloads of “outdated” apps, meaning any app that hasn't been kept compatible within a two-year window of the most recent major Android OS release.
It's a good measure to introduce, but it won't stop the scads of malicious apps that Google is constantly removing. Both hackers with password-stealing malicious apps and alleged surveillance-state spyware can keep getting downloads as long as they keep their apps up to date.
The best tips for avoiding malware on the Google Play Store haven't changed. Check, double check, and check again. Download only from brands you know and can verify when at all possible.
If you're considering a software solution to boost your personal security, a password management tool is a good bet, since many paid options can flag suspicious login pages. We've rounded up the best password managers for businesses so you don't have to.
Another option is a business VPN, although it won't protect you from downloading any apps with hidden malware. And whatever you do, don't download a VPN app you've never heard of from the Google Play Store — Google just today removed six fake antivirus apps because they secretly held, you guessed it, malware.