Fraudulent apps have returned to the Google Play Store; this time, as live wallpaper apps which have already been downloaded a total 1.1 million times. That’s according to new data from fraud protection software Anura by eZanga, which can identify bots, malware and human fraud.
Anura monitors the app store regularly and found that since August 28th, three developers with Gmail accounts had uploaded more than 43 zombie apps.
Once downloaded the apps generate clicks without having to be touched. The fraudulent apps had a script that was modified enough to slip past Google Play Protect.
eZanga had previously reported that 1,300 apps in the Google Play store were containing code that engaged with mobile ads in sleep mode.
Joe Rodichok, Director of Engineering and Technology at eZanga, explained:
“Like a stolen red car painted black to avoid detection, these apps are barely changed from what we found only a few months ago. These fraudsters are simply altering one part of their code in order to make it undetectable to Google.”
In addition, some of the fraudulent apps were directed at children – “Cute White Kitten Live Wallpaper” or “Cute Fluffy Rabbit Live Wallpaper” and are rated “E for everyone.”
Interestingly, the problem only affects the Google Play Store, but not the Apple App Store. That may be due to Apple testing apps before publishing them, whilst Google provides a more open model that lets developers globally publish their apps. If they are found to be fraudulent, these apps are only removed afterwards. In the wake of continued app fraud, it may be time for Google to reconsider its app store model.
“Google is the ‘Wild Wild West’ of mobile, where, in the past, developers could create as they pleased, with limited restrictions,” said Rich Kahn, CEO and co-founder of eZanga. “In less than eight weeks, we’ve seen fraudsters bypass Google’s failsafes, reinforcing that Google isn’t immune to fraud and still needs to address how it’s proactively fighting fraud.”