Google has always insisted Android is a secure platform, although malware and security issues are frequent. It’s true, the core Stock Android experience is secure, but the open source nature of the OS makes it vulnerable. This is true on the Google Play Store, where Google should admittedly have more control.
However, apps loaded with malware are relatively frequent, even if Google works hard to stop them. Under the policies of the Google Play Store, applications that download executable code from any source that is not Google Play are prohibited.
Naturally, many attackers don’t care for this rule and frequently try to exploit it. Google is forced into a never-ending situation of policing apps. It seems one slipped through the security net. A booby-trapped application loaded with malware was recently taken down. Job done, you may think. The problem is, the app had been on Google Play for nearly a year.
Furthermore, while Google ultimately removed it, the company did not discover the app. That was down to ESET researcher Lukas Stefanko, who discovered an app called Simple Call Reader. Attackers used the app to trick users into installing another ghost app that was disguised as an Adobe Flash Player update.
“Simple Call Recorder lasted on the Google Play almost for a year, which is really a long time before being removed,” said Stefanko in a Monday post.
Simple Call Recorder was published by FreshApps Group and was uploaded onto Google Play on November 30, 2017.
Over that time, it was installed over 5,000 times. Stefanko says it is likely the attacker/s may have stolen the legitimate call-recording facility from legitimate open source code and added the malware element.
“Simple Call Recorder lasted on the Google Play almost for a year, which is really a long time before being removed, if we consider that the app contained flashplayer_update.apk string inside.”