While numerous vendors and tech giants have cooked up lower-cost Android phones with marketing focused on helping the poor, a recent study by advocacy group Privacy International found that the privacy trade offs of these devices are… potent. Not only do they usually come with outdated OS’ opening the door to hackers, the phones have locked down user control to such a degree they’re unable to remove apps that may also pose security risks. In this way, the researchers argued, we’ve made privacy a luxury option that’s only available to those who can actually afford it.
But the poor aren’t the only ones harmed by our continually lax treatment of consumer privacy and security. In a new blog post, researchers from Checkpoint Software say that a huge number of kids-oriented Android apps are also privacy and security nightmares. The researchers recently identified a new malware family found in 56 applications that were collectively downloaded some 1 million times globally. Motivated by advertising fraud, the “Tekya” malware imitates the user’s actions in order to click ads and banners from agencies like Google’s AdMob, AppLovin’, Facebook, and Unity, Checkpoint found.
Most-malware infected apps compromise the end users’ data, credentials, emails, text messages, and geographical location. Twenty four of those apps were aimed at children, the researchers noted:
“During this research, the Tekya malware family went undetected by VirusTotal and Google Play Protect. Ultimately, it was available for download in 56 applications downloadable on Google Play.
This campaign cloned legitimate popular applications to gain an audience, mostly with children, as most application covers for the Tekya malware are children’s games. The good news is, these infected applications have all been removed from Google Play.”
While these apps have been removed and Google has ramped up its security practices in recent years, it’s not a problem that’s generally going away anytime soon:
“This highlights once again that the Google Play Store can still host malicious apps. There are nearly 3 million apps available from the store, with hundreds of new apps being uploaded daily – making it difficult to check that every single app is safe. Thus, users cannot rely on Google Play’s security measures alone to ensure their devices are protected.”
In short, anybody trusting the integrity and safety of the Google Play store is making a significant error. And folks who aren’t taking an active role in protecting their kids’ privacy and security are being negligent. The Checkpoint blog has a good list of the latest apps you should be aware of.