Google never misses a chance to talk about improved security on Android and, to some extent Chrome, especially when it means talking about AI and machine learning to no end. News after news of malicious apps getting into Google Play Store, however, almost throws all of that out the window. Google Play Store is supposed to be Android’s most secure and safest source of apps but a new study shows that more than 2,000 of those apps are not only counterfeits but potentially harmful apps as well.
Google rarely manually screens apps that go into Play Store, preferring to let automated processes do the job of weeding out the bad apps from thousands of submissions. On the one hand, it creates a more open ecosystem and lowers the barrier to entry for all developers. On the other hand, it also lets cases like this study happen.
Researchers from the University of Sydney and Data61 from CSIRO conducted a two-year study of the apps on Google Play Store. It used machine learning to check for apps with similar looking icons and potentially plagiarized text. This method alone yielded 49,608 potential copycat apps.
The researchers then applied even more processes to whittle the list down. In the end, it got 2,040 apps that were not only fakes but also high-risk ones. Other figures include 1,565 apps that asked for “dangerous” permissions that they don’t need and 1,407 included embedded third-party ad libraries. Some of the most counterfeited apps include games like Temple Run but every time a new hit game is launched, you can bet a copycat will follow.
This isn’t exactly a call for Google to impose an Apple-like level of scrutiny and censorship. That could, ironically, kill off the Android app ecosystem just the same. It should, however, be a wake up call for Google to perhaps step up its game and implement more security features because, as it stands now, its strategy clearly isn’t working that well.