Well, guys, it looks like we have another unfortunate episode of a malware scare on our hands. An illegitimate developer account in the Google Play Store has recently been uncovered, and it’s been uploading some very suspicious apps. For starters, many of the apps are total ripoffs of other people’s work. The more well-known victims include Imangi and its Temple Run game, as well as Glu Mobile and its Contract Killer Zombies.
The developer, simply named “apkdeveloper,” seems to be decompiling the APKs, injecting potentially harmfiul code, and recompiling and reuploading them to pose as legitimate games and apps in the Play Store. All of the apps have “super” at the end of their names, but the only thing super about them is the super huge list of device permissions in comparison to the legit copies of these games.
For instance, Imangi’s Temple Run only asks for full network access and the ability to perform read and write operations to storage. The infringing Temple Run Super, on the other hand, asks for all of that alongside location information, phone status and identity, access to accounts on the device, the ability to run at startup and more.
As many are understandably afraid to install the application we’re not yet sure what the code might be capable of, but several reports suggest it delivers unwanted ads to several parts of your device. You could see an ad on the home-screen or your notification bar, for instance. And while that might not seem harmful it’s still downright annoying, obtrusive and there’s no telling what else is going on behind the scenes.
As I always say when it comes to downloading apps: be thorough. Check the name of the developer, check the reviews, check the descriptions and make sure you’re always downloading from legitimate sources. Do yourself a favor and find a few of these apps on the Play Store from your device — not to download, of course, but to report them to Google. Not only will this get the apps out of the Play Store, but Google will probably shut the developer account down entirely if it gets too many flags.
These are the unfortunate pitfalls we have to deal with on occasion if we want a more open market for downloading apps, but just as Smokey the Bear always reminds us that forest fires can be prevented, I’m here to remind you that this doesn’t have to become a bigger issue than it is.
Be safe, folks, and be sure to help some of the more oblivious Android users out by taking the time to report a few of these straight from your Android device. PS: Google, you REALLY need to implement a report link on the web version of the Play Store
[via Reddit, thanks Ashley!].