Security News
Google Play Protect, the Android built-in malware defense system, has failed the real-world tests of antivirus testing lab AV-TEST after detecting just over two thirds out of more than 20,000 malicious apps it was pitted against. While always running and scanning every app installed and launched on the device, "The endurance test revealed that this service does not provide particularly good security: every other security app offers better protection than Google Play Protect."
Bogus cryptomining apps for Android available for download on Google Play are estimated to have scammed more than 93,400 victims to date, researchers said, stealing at least $350,000. In addition to offering the "Apps" themselves for a fee, the scammers also promote additional services and upgrades that users can purchase within the apps, either by transferring Bitcoin or Ethereum cryptocurrencies directly to the developers' wallets or via the Google Play in-app billing system.
A set of nine malicious Android apps that steal Facebook credentials were found on Google Play, which racked up a collective 5.9 million installations before Google removed them. The malicious apps were detected as trojans called Android.
Google on Monday announced new security measures for developer accounts on Google Play, meant to ensure that each account is created by a real person. Google Play, which provides access to millions of Android applications and games, has been abused by threat actors for the distribution of malware, and Google is looking for new ways to strengthen the security of both developers and users.
Google is announcing two new security measures aimed at minimizing the number of malicious / potentially unwanted apps available for download from the Google Play Store: additional Android developer identification requirements and 2-step verification. To be able to do it, they must either hijack an existing Google Play developer account or create a new one and associate an email address and phone number with it.
About 20 percent of the Top 500 kids' mobile apps in the Google Play store are collecting data on users in a way that likely violates the Children's Online Privacy Protection Act. COPPA, imposed by the Federal Trade Commission, applies to online services, apps and websites that target children under 13, and it requires child-directed websites, apps and online services to provide notice of their data-collection practices and obtain parental consent prior to collecting personal information from children under 13.
Google has decided the time has come to require app developers to disclose the data their wares collect, and their security practices, in their Play Store listings. The data-harvesting ad giant on Thursday detailed plans to create a "Safety section in Google Play" that it says "Will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security."
Google announced the introduction of a privacy information section on the entries of Android applications listed in its Google Play Store digital distribution service starting with Q1 2022. "Today, we're pre-announcing an upcoming safety section in Google Play that will help people understand the data an app collects or shares, if that data is secured, and additional details that impact privacy and security," Suzanne Frey, Product VP for Android Security and Privacy, said.
Researchers have uncovered a new set of fraudulent Android apps in the Google Play store that were found to hijack SMS message notifications for carrying out billing fraud. The apps in question primarily targeted users in Southwest Asia and the Arabian Peninsula, attracting a total of 700,000 downloads before they were discovered and removed from the platform.
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services," cybersecurity firm McAfee said in an analysis published on Monday.