Apple starts year with a bang as App Store sales hit record

Delia Walker
January 6, 2018

According to reports, more than 250 games that use the software from Alphonso is available on the Google Play Store for Android users, while some are also available in the App Store for iOS users. Unfortunately, instances like these, however small, corrode any confidence in the effectiveness of that method until people will hold suspect any and all apps that come even from Google Play Store. The app uses a software from Alphonso, a company that specializes in collecting user data for advertisers.

However, security researchers at Trend Micro saw through the entire operation being run by the developers behind such apps. Did you know this is also happening on your mobile device?

'The developers of these apps go far to make their notifications believable. "But the data shown in these messages are fake - they are just used to add a layer of legitimacy to the app".

If the user clicks through on a threat warning the app will claim it has been resolved, in order to allay potential user concerns.

On iOS devices, you'll open Settings, then open Privacy and then open Microphone. The options included one for displaying ads, typically when a WiFi connection is made, a call ends, the screen is being locked or a charger is plugged in. The operators of the malware appear to have designed it for the purposes of generating illegal ad revenues, the security vendor said.

Users are also asked to sign and agreed to an end-user licence agreement (EULA) that describes the information that will be gathered and used by the app. Google has done a lot to improve the experience of running mobile apps on its browser-based operating system, and it appears a forthcoming software update could fix one of the remaining problems.

The company's CEO Ashish Chordia is quoted in the report as saying that users opt-in fully aware, and can opt-out at any time.

Perhaps the most worrying part of LightsOut's stint in Google Play Store is that it got there at all, undetected even. Google loves to talk about how its machine learning and algorithms are able to automate security checks, removing the need for manual screening of apps.

Trend Micro spotted the apps in December 2017 and has notified Google of the fake apps.

LightsOut shows that hackers "are becoming more sophisticated in the way they are managing to bypass Google Plays' detections and continue to serve fraudulent ads", he said.

Other reports by

Discuss This Article