The most popular of the three, a card game called Durak, had been installed more than 5m times according to the store’s public stats. Antivirus software maker Avast also identified an IQ test app and Russian history app as fellow offenders.
“When you install Durak, it seems to be a completely normal and well working gaming app. This was the same for the other apps,” explained Avast’s Filip Chytry in a blog post.
“This impression remains until you reboot your device and wait for a couple of days. After a week, you might start to feel there is something wrong with your device. Some of the apps wait up to 30 days until they show their true colors.”
Those true colours are pop-up advertisements shown to people whenever they unlock their infected device, warning them about a (false) problem with it that needs to be solved by installing new software.
“If you approve you get re-directed to harmful threats on fake pages, like dubious app stores and apps that attempt to send premium SMS behind your back or to apps that simply collect too much of your data for comfort while offering you no additional value,” wrote Chytry.
“An even bigger surprise was that users were sometimes directed to security apps on Google Play. These security apps are, of course, harmless, but would security providers really want to promote their apps via adware?”
The presence of adware-toting apps on the Google Play store is surprising, since most reports of Android malware and adware tend to focus on apps distributed through unofficial stores, rather than Google’s official outlet.
Google appears to have taken speedy action to remove the three apps identified in this case, but Android’s popularity – there were more than one billion active Android users in June 2014 – will continue to make these devices and their official store a target for scammers.
This article was written by Stuart Dredge, for theguardian.com on Wednesday 4th February 2015 11.29 Europe/Londonguardian.co.uk © Guardian News and Media Limited 2010