Darnley's Cyber Café

Google Defends Play Store

Darnley's Cyber Café Season 5 Episode 74


Join Darnley on this episode as he picks apart the intricate world of app security with Google Play. Explore how Google Play attempts to safeguard its platform against malicious actors, ensuring a safe and secure environment for millions of users worldwide. Is the Apple App Store better?

Gain insights into the evolving landscape of cybersecurity within the app ecosystem, and learn tips to protect yourself in this ever-changing landscape.


EP 74 – Google Defends Play Store

 

Episode Recap:

•   Why Is Google Play Store Swimming in Privacy-Violating Apps

•   Hackers Enjoy Easy Prey

•   Ways To Avoid Downloading Fake Apps

 

Why Is Google Play Store Swimming in Privacy-Violating Apps

•   Google stopped 2.28 million privacy-violating apps and banned 333,000 malicious developer accounts in 2023. These are not small numbers, but I am not surprised given today’s landscape. Another interesting stat I found was that Play Protect detected 5 million new malicious apps in 2023, while Google removed 1.5 million apps not targeting the latest APIs.

•   API stands for Application Programming Interface: basically a set of rules, tools and protocols that allows different software applications to communicate and interact with each other. This allows seamless integration between programs, services and platforms.

•   Google has had its fair share of controversy surrounding Play Store policies and their impact on app developers. The average Android user's experience has been reliant on the defensive protocols in place to remove malicious apps and developers from the Play Store. This has not always been the case, however; there are still a significant number of Android users who fall victim to the malicious actors who get through the cracks.

•   Google recently published an annual report explaining how publishing malicious apps became harder in 2023. This report bragged about defending Google Play from 1.43 million apps, but this year's report claims 2.28 million privacy-violating apps.

•   Is this always the case? Why does the Google Play Store always seem to bear the brunt of all of this? To compare, Apple's App Store on average has fewer than 10 malicious apps per year. Quite the “small” difference, eh?

 

Hackers Enjoy Easy Prey

•   As you can see, Apple experiences fewer malicious apps compared to Google. Why is this?

•   This can be attributed to several factors:

o   Google Play is an open platform, meaning that developers can easily publish apps without screening processes. This openness does encourage innovation; however, it also allows malicious actors to slip through the cracks easily.

o   Large user base. Now this is debatable, I know. Apple has made great strides to compete with the vast market of Android mobile devices, and for this reason the Apple appeal is due to their reliability, stability, and security.

o   Ease of creation. With a vast number of tools and resources available, it's very easy for malicious developers to create and distribute harmful apps. They can quickly copy popular apps, inject malware, and publish them under different names to deceive users.

o   Limited oversight. While Google does employ various security measures to detect and remove malicious apps, it is difficult to catch every single malicious app before it reaches users. The volume of apps uploaded to Google Play on a daily basis makes it difficult to vet each one.

o  Social engineering. Malicious developers often use social engineering techniques to trick users into downloading their apps. They may use enticing promises, fake reviews, or mimic legitimate apps to gain users' trust and persuade them to install the malicious app.

o   Monetary Incentives: Some developers create malicious apps for financial gain, such as through ad fraud, data theft, or subscription scams. These apps may appear harmless at first but engage in malicious activities behind the scenes.

•   Hackers also release these kinds of apps on Google Play for personal gain, for ideological motivations, or to cause harm. A few common reasons for this are:

o   Financial Gain. 

o   Data Theft – because your data is worth more than oil

o   Espionage or surveillance. Some state-sponsored hackers create these apps to spy on your activities. This could be anything from monitoring a user's communications to tracking their location or accessing sensitive information located on their device.

o   Denial Of Service attacks. 

o   Experimentation and/or Chaos. Because some people just want to watch the world burn. 

•   Regardless of the motivations behind their actions, the release of malicious apps poses significant risks to individuals, businesses, and the broader digital ecosystem. It underscores the importance of robust cybersecurity measures, user education, and proactive efforts by platform providers to detect and mitigate the threat posed by malicious apps.

 

Ways To Avoid Downloading Fake Apps

•   Avoiding fake apps on Google Play involves a combination of vigilance, research, and cautious behavior. Here are some tips to help you steer clear of fake or malicious apps:

o   Stick to official resources: Download apps only from the official Google Play store. You can also download apps that adhere to Google Play Protect.

o   Check developer details. Before downloading, check the developer details on the app store page. Legitimate developers provide additional information such as name, logo, and a history of reputable apps.

o   Read reviews and ratings. This can give you an idea about the app you are about to download, but a word of caution: many fake reviews exist in order to deceive you on this point.

o   Verify permissions. Review the permissions an app asks for before installing it. If an app requests unnecessary permissions, this is a red flag. Your flashlight app does not need access to your phone contacts, for example.

o   Update regularly. Keep your apps updated, always. Developers often update their software to patch vulnerabilities and fix bugs. Outdated apps can be exploited. 

o   Use security software. Use a reputable mobile security app that can detect and block malicious apps. This is just another layer of protection that should always be implemented on all of your technology today.

•   Even with the massive number of malicious apps that existed in the Play Store, keep in mind that Google is working to keep these malicious apps off the Play Store.

•   So are you ready to switch to an iPhone now? (haha – laugh) I am just kidding. I personally do not play in the Android versus Apple battle; both devices bring much to the table and are, to an extent, both superior devices in the mobile markets. Usually, this decision comes down to the end-user's preference anyway. I use both Android and iOS devices equally and personally see the advantages in both. Regardless of your viewpoints in the great mobile device debates, the point here is to always be on your guard.

•   2.23 million apps is no small number to just grunt at. It is a sign of the times how many malicious actors all over the globe are looking at different ways to exploit the system to gain an advantage over one of the hottest data commodities in the world – mobile phones.

•   As mobile devices become more and more powerful, you will start seeing desktops fade away. It’s a simple technological revolution, baby. This means that these bad actors are trying to get an edge on the technological revolution, as many users are using their mobile devices as the keys to their kingdom. This is why you need to become aware of the challenges we face today, and how to continue to protect yourself well into tomorrow.