That cute cat wallpaper for your Android phone or free photo-editing software app you downloaded may be using your phone without your permission and running up fraudulent ad views, according to a recent report from online marketing firm eZanga.
EZanga used its Anura ad fraud protection software to look at one module from a software development kit (otherwise known as an SDK) that hides in apps, then activates to run advertisements and play videos while the user is not on their phone. While the person may be sleeping, the malware chews up bandwidth and battery life.
The report estimated the top apps using this SDK module, one of which could have been downloaded up to 1 million times in the Google Play store, could cost advertisers anywhere between $2,000,000 to $10,000,000 daily in fraudulent ad traffic.
On June 7, they found 312 apps with the SDK module — 53 of which were in the Google Play store. A week after, the SDK module was in 750 apps, 300 of which were in the store. Two days after that, the number ballooned to 1,330 apps, and 317 were available for purchase in the store.
The majority of the apps were live wallpapers, or free backgrounds for Android phones that featured cute cats, nature scenes or other cool effects. Others were free versions of popular apps like File Explorer or other photo-editing software.
While Apple formally approves every app that goes into its store, Android developers can upload directly to the Google Play store and have people download their apps almost immediately, eZanga CEO Rich Kahn explained.
A Google spokesperson said all apps submitted to Google Play are automatically scanned for potentially malicious code and spammy developer accounts before they are published. Google said it also recently introduced a proactive app review process, as well as Google Play Protect, which scans Android devices to let users know if they are downloading a malicious app. There is also Verify Apps, which warns about or blocks potentially harmful apps.
Google Play did remove all the apps eZanga named in the study within a few weeks, Kahn said. However, when they looked after the study in early August for the same SDK module, they found 6,000 more apps online (not necessarily in the Google Play store) that contained a morphed version of the malware. Developers are constantly tweaking their malware, which can make it hard to detect right away, Kahn explained. On top of that, there's so much malware out there its hard to police, he said.
To protect yourself and your phone, Kahn suggests keeping your Android phone always updated. Google often sends out a "signal" to knock out identified malicious SDK modules, and it can protect you if your phone already has the malware. Also, remember free apps don't necessarily mean you're not paying in some way, he said.
"If you like an app, pay for it," Kahn said. "Don't go and try a free version."