Popular Google Play Store apps removed for stealing Facebook passwords
Ever since they became popular, app stores have become one of the most common and highly advised ways to get apps for various platforms. Official app sources like Apple App Store and Google Play Store offer a selection of software and games that have passed their scrutiny, offering a sense of security that these apps are safe for use. Unfortunately for Google, the credibility of its sanctioned Android app marketplace has been put into question time and again, and a recent incident shows how popular apps can still pose a security risk for users.
Google Play Store is home to hundreds of apps of varying qualities. There are, of course, popular apps from big names, but, once in a while, a few obscure utilities rise above nearly identical apps. Unfortunately, just because they have been downloaded thousands or even millions of times means they are what they claim to be.
Dr. Web reveals at least nine such apps on Google Play Store that were specifically designed for one purpose. Offering actually useful and valid functionality, these apps housed trojans that deceived users into giving their Facebook credentials so that the apps' developers, or at least the authors of the malware, could then compromise those users' social media accounts.
The apps probably passed Google Play Store's review process because they did work as advertised. The trick was in the offer to either remove ads or access more functionality by signing into a user's Facebook account. It showed the legitimate Facebook login page in an embedded WebView but with injected Javascript to intercept the user's login details.
The apps have already been removed from Google Play Store, but only after the apps were discovered and reported. Unfortunately for the presumably thousands of users of these apps, it might already be too late, and are advised to scan their phones and reset their Facebook passwords. Hopefully, Google will be able to use the data from this incident to better improve Google Play's machine learning and block similar apps before they can even get in.