You’d think that with all the strict testing processes and security controls, the Play Store would be a fortress. But alas, attackers are finding ways to sneak past the guards. Despite Google’s best efforts, Android malware is still finding its way into the Play Store. Here’s how they’re doing it.
Google’s Cybersecurity Action Team recently spilled the beans on a common technique that malicious actors use to spread Android malware through the Play Store.
According to a report by Bleeping Computer, these cunning attackers are playing a game of hide and seek. The apps provided for spreading malware don’t contain any malicious code at first. It’s like a Trojan Horse, waiting to unleash its fury only after installation through updates or by reloading additional user data from the attacker’s server onto your device.
“One way malicious actors attempt to circumvent Google Play’s security controls is through versioning,” warns the Android developer’s security team. “Versioning occurs when a developer releases an initial version of an app on the Google Play Store that appears legitimate and passes our checks, but later receives an update from a third-party server changing the code on the end user device that enables malicious activity.”
Imagine this: A seemingly legitimate application is uploaded to the Play Store, passing all the company’s audits. Then, like a snake in the grass, an update is submitted via a third-party server that changes the code on your device and enables malicious activity.
Even though the patches provided via the Play Store undergo strict checks for PHA (Potentially Harmful Application), the attackers have found a way to dance around some of these checks using a technology known as dynamic code loading.
Now, you might be thinking, “Isn’t this against the rules?” You bet it is! Such activities blatantly violate the guidelines of Google’s platform, and the affected applications may even be classified as backdoors.
According to Google’s own guidelines, any resources downloaded after the fact must be “necessary for the user to use the app.” Significant changes without notifying the user or attempts to disguise behavior during review are violations. Moreover, downloading executable code from sources other than Google Play is strictly prohibited by platform policy.
