Disturbing reports about fake Android apps are nothing new, but the latest one involves an app called Virus Shield. It sold for $3.99 and promised to improve the security of Android devices. Unfortunately, as Android Police discovered, it actually did nothing at all except to fleece users of their hard earned money. The app has since been pulled from the Google Play store, but the damage has already been done.
All of this has got me wondering if it’s time for Google to consider locking down the Google Play store.
The app description says that it “Prevents harmful apps from being installed on your device,” “scans apps, settings, files, and media in real time,” and “protects your personal information.” Oh, and it has a low impact on battery life, and has “No, ZERO pesky advertisements!”
There’s just one problem: it’s a complete and total scam. We don’t mean in the slightly skeevy way that some anti-virus and general security software overstates dangers and its own necessity. We mean it’s literally a fake security app: the only thing that it does is change from an “X” image to a “check” image after a single tap. That’s it. That’s all there is, there isn’t any more.
Image credit: Android Police
A dangerous situation for Android users and for Google
I really feel for the victims of this scam, as well as others that have been perpetrated on the Google Play store. People work really hard for their money, day in and day out. Then they go to buy an app that they think will help protect them from the bad guys, and it turns out the app developer is one of the bad guys! That has to be extremely frustrating for all of the people that were hoodwinked by this bloodsucking criminal.
Scams like this are very dangerous for Google. Each time they happen they shake people’s faith and trust in the integrity of the Google Play store. Over time this could result in less people using the Google Play store to buy apps, and that’s not good for app developers or Google. It could result in significantly less revenue for everybody as sales start drying up due to fear of fraud and abuse.
The reviews of Virus Shield were quite positive. I have no doubt that many or all of them were fake, and were probably posted by the developer to lure people into buying the app. This is yet another issue that Google has to contend with or they run the risk of user reviews losing all credibility in the Google Play store. Why should anybody believe a user review if it’s so easy to fake them to make the app look good? Once user reviews are utterly discredited then it’s yet another nail in the coffin of the Google Play store’s credibility.
Some people might downplay the importance of this situation since the Virus Shield app cost $3.99 and they might not consider that to be a large amount of money. But multiply that by thousands and thousands of users and you end up with a significant amount of cash. Now multiply it by any number of different apps and you have a serious problem on your hands that could shake the foundations of Android as a platform if something isn’t done.
Mobile malware hidden in Android apps in the Google Play store
And fake apps aren’t the only problem with the Google Play store. PC World reports that the number of mobile apps infected with malware in the Google Play store quadrupled between 2011 and 2013.
In 2011, there were approximately 11,000 apps in Google’s mobile marketplace that contained malicious software capable of stealing people’s data and committing fraud, according to the results of a study published Wednesday by RiskIQ, an online security services company. By 2013, more than 42,000 apps in Google’s store contained spyware and information-stealing Trojan programs, researchers said.
“The explosive growth of mobile apps has attracted a criminal element looking for new ways to distribute malware that can be used to commit fraud, identity theft and steal confidential data,” said RiskIQ CEO Elias Manousos, in announcing the findings.
So we’re not just talking about fake apps, we’re also talking about apps that are themselves infected with nasty stuff that can cause an Android user a number of different headaches and problems. According to the story Google seems overwhelmed by the influx of malware and the number of apps removed because of malware has declined from around 60% to less than 25%. Wow!
Android’s reputation is at stake with users
All of this has the potential to negatively affect the very perception of Android as a platform. Yes, I think it’s really that serious. Google is going head to head with Apple, Microsoft and others in the mobile marketplace. They cannot afford to have Android itself be thought of as a lawless platform, filled with all manner of fake apps designed to scam people out of money while providing nothing in return or apps that are infested with malware designed to steal user’s confidential data.
Android’s openness has always been part of its appeal, but isn’t it time for Google to start locking down the Google Play store? Yeah, open is great and I understand that. But what good is having an open platform if it’s corrupted and ruined by these kinds of apps? It seems to me that keeping it as open as it is has become more a negative than a positive. Where is Android going to be in five years if things keep going in this direction?
And the fact that Google seems unable to keep up with all of this is quite disturbing to me. Google makes billions of dollars every year so I’m not buying into the argument that they don’t have the resources to deal with this problem. They surely do and if they don’t have the staff on hand right now then they better start hiring people left and right to start blocking malware-laden apps and fake apps from ever appearing in the Google Play store.
Is Google up to the task of protecting users in the Google Play store?
Google has made some recent changes designed to clean up the Google Play store, as reported by CITEworld. Some of this seems like steps in the right direction, but is it going to be enough to really make a difference? Somehow I doubt it, but I truly hope I’m wrong.
Google is giving Android developers 15 days to ensure they are in compliance with a new set of rules designed to combat spyware and other malicious code hiding in apps being offered in Google Play.
Here are the new (and reiterated) rules established by Google:
A new App Promotion policy prohibits deceptive ads on websites and apps, auto-downloads or text ads.
Developers must “clearly disclose when an advertised feature in your app’s description requires in-app payment.”
Browser modifications on behalf of third parties or advertisements are prohibited. All advertising “must be properly attributed to, or clearly presented in context with the app it came along with.”
All advertising behavior “must be properly attributed to, or clearly presented in context with the app it came along with.”
Apps cannot secretly track and spy on users. Apps that track device user behavior must feature a persistent notification and icon identifying its existence and purpose.
The company offered clearer language on its content policies, particularly regarding sexually explicit content, bullying and hate speech.
Part of me wonders if Google is really up for this fight. The company has languished in some kind of stupor for a long time while the bad app developers have run wild in the Google Play store. The latest efforts may cut down on some of it, but how long until the bad guys just get more clever about hiding their sleazy malware? And is anybody going to actually test apps to make sure they do what they say they do? The new policies don’t seem to address that particular problem in any comprehensive way, and it might leave a door open for apps like Virus Shield to continue fleecing users for their cash.
In order to stop the bad guys Google is going to have to act in an extremely aggressive and forthright manner on all fronts by providing resources, policies and tools to protect Google Play customers, and they are going to have to reexamine what “open” means and if it’s really worth it in the long run. The jury is still out on whether or not Google will do all of this. Meanwhile the fate of the Google Play store and perhaps even Android itself hangs in the balance.
What’s your take on this? Tell me in the comments below.