14 DAY TRIAL // Apps sharing advertisements outside their context have been discovered on Google’s official marketplace for Android devices. Some of them have been downloaded more than five million times and direct the user to dodgy app repositories.
Advertisements being displayed in free mobile apps when they are used is a common thing, and in most cases the banners are shown so that the user experience is not disrupted.
Apps do not show their true colors immediately
However, security researchers found software spitting this type of content during activities such as unlocking the device, when the app is not actively used.
One such example is the Durak card game, according to Filip Chytry from antivirus vendor Avast, which sits silently for a predefined period of time before initiating the aggressive promotion.
Durak is currently listed on Google Play with an installation count between five and ten millions and a four-star overall rating.
Chytry says that the app won’t show any signs of adware-related activity immediately after installation, taking about a week until its real purpose is revealed.
In other cases, though, the wait may be longer. “Some of the apps wait up to 30 days until they show their true colors. After 30 days, I guess not many people would know which app is causing abnormal behavior on their phone, right?” a blog post published on Tuesday by the researcher informs.
He says that, at one point, warning messages pop up each time the device is unlocked and that they alert of false problems (outdated OS, security risks) that need to be addressed on the spot.
Accepting the help offer sometimes redirects to suspicious locations or other apps that try to trick into subscribing to a premium message service without the consent of the user.
Some redirects are to legitimate apps
Some user reviews for Durak confirm the dubious nature of the app, one of them saying that it launches “full screen ads while the game is not even running.” Another user (Eilon Vainter – August 21, 2014) reports that an ad appears each time the phone is used, while in a different case (Petr Gangnus – July 16, 2014), it has been reported that the ads appear even when the app sits in the background.
Avast researchers also found that not all of the advertisements shown by these apps presented a risk, as sometimes they pointed to legitimate mobile security products, also available on Google Play.
“The biggest surprise actually was that the re-direction even leads to a big mobile antivirus provider, Qihoo 360. I wasn‘t able to find any connection between Quihoo 360 and the nasty adware, but I am guessing the adware providers aren’t doing these re-directs for free,” Chytry says.