Well, guys, it looks like we have another unfortunate episode of a malware scare on our hands. An illegitimate developer account in the Google Play Store has recently been uncovered, and it’s been uploading some very suspicious apps. For starters, many of the apps are total ripoffs of other people’s work. The more well-known victims include Imangi and its Temple Run game, as well as Glu Mobile and its Contract Killer Zombies.
The developer, simply named “apkdeveloper,” seems to be decompiling the APKs, injecting potentially harmful code, and recompiling and reuploading them to pose as legitimate games and apps in the Play Store. All of the apps have “super” at the end of their names, but the only thing super about them is the super huge list of device permissions in comparison to the legit copies of these games.
For instance, Imangi’s Temple Run only asks for full network access and the ability to perform read and write operations to storage. The infringing Temple Run Super, on the other hand, asks for all of that alongside location information, phone status and identity, access to accounts on the device, the ability to run at startup and more.
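The permission comparison described above can be automated against two decoded manifests. This is an added example, not part of the original article: the manifests and package names are constructed, and the mapping of the article's permission descriptions to Android permission constants is an assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping of the extra permissions the article lists (location,
# phone status and identity, accounts, run at startup) to Android constants.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.GET_ACCOUNTS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}

def permissions(manifest_xml):
    """Return the set of <uses-permission> names in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def permission_drift(baseline_xml, candidate_xml):
    """Compare a suspected copy against the known-good app's manifest."""
    base, cand = permissions(baseline_xml), permissions(candidate_xml)
    extra = cand - base
    return {
        "extra": sorted(extra),
        "sensitive_extra": sorted(extra & SENSITIVE),
        "missing": sorted(base - cand),
    }

def build_manifest(package, perms):
    """Build a constructed sample manifest; real ones come from a decoded APK."""
    body = "".join(f'  <uses-permission android:name="{p}"/>\n' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">\n{body}</manifest>')

# Constructed samples: placeholder package names, permission sets per the article.
COMMON = ["android.permission.INTERNET", "android.permission.WRITE_EXTERNAL_STORAGE"]
ORIGINAL = build_manifest("com.example.original", COMMON)
REPACKAGED = build_manifest("com.example.original.super", COMMON + [
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.GET_ACCOUNTS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
])

if __name__ == "__main__":
    for kind, names in permission_drift(ORIGINAL, REPACKAGED).items():
        print(kind, names)
```

Manifests inside an APK are stored as binary XML, so they need to be decoded to text before this comparison applies.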
As many are understandably afraid to install the application, we’re not yet sure what the code might be capable of, but several reports suggest it delivers unwanted ads to several parts of your device. You could see an ad on the home screen or in your notification bar, for instance. And while that might not seem harmful, it’s still downright annoying and obtrusive, and there’s no telling what else is going on behind the scenes.
As I always say when it comes to downloading apps: be thorough. Check the name of the developer, check the reviews, check the descriptions and make sure you’re always downloading from legitimate sources. Do yourself a favor and find a few of these apps on the Play Store from your device — not to download, of course, but to report them to Google. Not only will this get the apps out of the Play Store, but Google will probably shut the developer account down entirely if it gets too many flags.
These are the unfortunate pitfalls we have to deal with on occasion if we want a more open market for downloading apps, but just as Smokey the Bear always reminds us that forest fires can be prevented, I’m here to remind you that this doesn’t have to become a bigger issue than it is.
Be safe, folks, and be sure to help some of the more oblivious Android users out by taking the time to report a few of these straight from your Android device. PS: Google, you REALLY need to implement a report link on the web version of the Play Store.
[via Reddit, thanks Ashley!].
Ah good. More fodder for the “Android Malware OMGZ!!” bunch. This will be fun, considering they cannot discern the difference between a legitimate application asking for *way* too many privileges…and a virus.
I wonder if implementing a similar fingerprinting technique to scanning their apps as they do on Youtube (to filter copyrighted content) would help?
Hope Google reads this.
I couldn’t find the games or anything by that name for the account
It’s a small price to pay for having an “open” system. Use common sense when downloading apps and stick with the Play Store or the Amazon app store. Even these are not completely immune, so read, read and read some more. As stated in the article… read your permissions, reviews, etc. and don’t blindly download obscure apps such as Nekkid puzzle games, Asian girl calendar apps, etc. Stick to downloading apps that have 50k or more downloads, unless it’s new and from a reliable developer.
Go a step further and download AVG or Lookout which both don’t eat up battery and will automatically scan any new file downloaded to your device. I used Lookout for 2 years, until I got my S3 and have been using AVG for the past 6 months. Works great!
It’s actually a large price to pay. 90% of Android phones are sold to the non-tech savvy. These are the same people that let their anti-virus expire after the trial on their PC. These are the same people that have never heard of Phandroid.com. The system needs to protect the consumer, not the other way around.
I went through and flagged about 60 apps of theirs just a bit ago. By the time I got to 61, it said this developer no longer available.
LOL
The system works.
Always use common sense when downloading anything from anywhere. If it looks suspicious, don’t touch it.
haha
You just can’t help yourself, can you, JZH?
That dude has been nothing but an Apple Troll and whining about a cdma nexus he probably never owned
It shows how sad Apple fanboys are – by lurking around Android sites waiting to hear what the next big thing they WON’T have on their phone – until maybe 2016
I agree. Your life has to be seriously pathetic for you to want to do that. I don’t visit iPhone forums and talk shit. Hell I don’t even care that they prefer the iPhone. The best thing to do is laugh at their ignorance, call them an idiot and move on with your life. lol
Don’t feed the trolls! :)
Thank you for letting us know, Quentyn. Don’t forget to give us an update when Google swings the axe.
I think that developer’s area on the Play Store has been taken down.
I don’t see any of them. Hopefully Google already removed them.
From Google Cache:
All apps:
http://webcache.googleusercontent.com/search?q=cache:6J9Pyw7CwMQJ:https://play.google.com/store/apps/developer%3Fid%3Dapkdeveloper+&cd=1&hl=en&ct=clnk&gl=us
“Temple Run Super”
http://webcache.googleusercontent.com/search?q=cache:Ut58xUL1cw0J:https://play.google.com/store/apps/details%3Fid%3Dcom.imangi.templerun.apps+&cd=2&hl=en&ct=clnk&gl=us
Looks like a very low effort operation (all their apps have same icon, poor description, etc.) This type of activity should not be difficult to prevent.
It is shut down because I don’t see it even when I press the links.