The Android Security Apps Causing You More Harm Than Good
10 April 2018 00:00
There are some applications out there that could be causing you more harm than good - and Google Play has just discovered a tonne of them in the Android App Store.
How they were found
There are some pretty awful mobile security solutions out there, but one thing you’ll likely hear in response to that statement is that “poor security is better than no security”. True, but there are some applications that could be causing you more harm than good - and Google Play has just discovered a tonne of them in the Android App Store.
35 apps have been flagged by ESET for impersonating security solutions in order to display ads to users (luckily for you Android users, they’ve now been shifted from the store). But, having been around for a good few years, not to mention gathering a minimum of six million downloads, there’s more than enough damage and irritation already done.
Why are these ‘security’ apps so bad?
For starters, having advertisements shoved in your face is pretty damn annoying, but there are some other serious negative side effects that can arise, too.
Let’s start with the mimicking of basic security functions. These 35 apps all rely on a few trivial hardcoded rules, acting as primitive security checkers that don’t really offer much value - especially when you consider that they often detect legitimate apps as being malicious.
Then there’s the harmful nature of victims feeling a false sense of security - which can cause a number of headaches when they do get exposed to real risks from dodgy applications.
Why they’re even worse than bad
In ESET’s research and analysis, a handful of these apps stand out for all the wrong reasons. One app charges users for a paid upgrade; another has implemented a basic and easily bypassed app locker manager, and one app has even flagged other apps from this group as dangerous by default.
How they function
So how did these ad-displaying apps manage to stay under the radar for so long? Well, it’s all down to how well they mimic actual mobile security solutions. The only downfall for them was the incredibly basic and incomplete ‘detection mechanisms’ - which make them prone to false positives.
Security news site WeLiveSecurity sorted these ‘defence mechanisms’ into four categories:
- Package name whitelist and blacklist
The whitelist contains popular apps such as Facebook, LinkedIn and Skype - yet the blacklist contains far too few items to be considered secure at all.
- Permissions blacklist
All apps, even legitimate ones, are flagged if they require some of the listed permissions that are considered dangerous, such as send and receive SMS or accessing location data.
- Source whitelist
All apps but those from the official Android store are flagged - even if they pose no harm at all.
- Activities blacklist
The implementation of activity blacklisting in these questionable apps is rather sloppy. For example, Google Ads is included in the blacklist despite the fact that it is a legitimate service.
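The four rule categories above, modelled as an added Python example (not code from ESET, WeLiveSecurity or the flagged apps) and run over a constructed app inventory to show why such checks flag legitimate apps while missing a malicious one that is on no list. The rule contents, the `com.example.*` packages, the ground-truth labels and the whitelist short-circuit are assumptions made for illustration.

```python
# Added illustration: rule contents are constructed, not the flagged apps' real lists.
PKG_WHITELIST = {"com.facebook.katana", "com.linkedin.android", "com.skype.raider"}
PKG_BLACKLIST = {"com.example.knownbad"}  # placeholder entry
PERM_BLACKLIST = {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
                  "android.permission.ACCESS_FINE_LOCATION"}
OFFICIAL_STORE = "com.android.vending"  # installer package of the official store
ACTIVITY_BLACKLIST = {"com.google.android.gms.ads.AdActivity"}

def naive_verdict(app):
    """Return the names of the hardcoded rules that flag this app."""
    if app["package"] in PKG_WHITELIST:  # assumption: whitelist short-circuits
        return []
    checks = {
        "package_blacklist": app["package"] in PKG_BLACKLIST,
        "permissions_blacklist": bool(PERM_BLACKLIST & set(app["permissions"])),
        "source_whitelist": app["installer"] != OFFICIAL_STORE,
        "activities_blacklist": bool(ACTIVITY_BLACKLIST & set(app["activities"])),
    }
    return [name for name, hit in checks.items() if hit]

def make_app(package, malicious, permissions=(), installer=OFFICIAL_STORE, activities=()):
    return {"package": package, "malicious": malicious, "permissions": permissions,
            "installer": installer, "activities": activities}

# Constructed inventory with ground-truth labels.
SAMPLE_APPS = [
    make_app("com.facebook.katana", False, ["android.permission.ACCESS_FINE_LOCATION"]),
    make_app("com.example.maps", False, ["android.permission.ACCESS_FINE_LOCATION"]),
    make_app("com.example.messenger", False, ["android.permission.SEND_SMS"]),
    make_app("com.example.puzzle", False, activities=["com.google.android.gms.ads.AdActivity"]),
    make_app("com.example.fossnotes", False, installer=None),  # sideloaded, harmless
    make_app("com.example.knownbad", True),
    make_app("com.example.flashlight", True, ["android.permission.INTERNET"]),
]

def score(apps):
    """Compare rule verdicts with the ground-truth labels."""
    counts = {"false_positive": 0, "false_negative": 0, "true_positive": 0}
    for a in apps:
        flagged = bool(naive_verdict(a))
        if flagged != a["malicious"]:
            counts["false_positive" if flagged else "false_negative"] += 1
        elif flagged:
            counts["true_positive"] += 1
    return counts

if __name__ == "__main__":
    print({a["package"]: naive_verdict(a) for a in SAMPLE_APPS})
    print(score(SAMPLE_APPS))
```

On this inventory the rules flag four harmless apps, one per rule category, and pass the malicious app that appears on no list.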