Google Inc. (NASDAQ:GOOGL) (NASDAQ:GOOGL) has deleted a malicious app from its Play Store that made users believe it was a legit battery app.
The impostor made it seem like it was BatteryBot Pro app you were downloading but users were getting something else on their smartphones. The real app monitors how much power a smartphone is using with its applications.
The malicious app was able to send premium-rate text messages and blocked people from deleting it, said security company Zscaler on its blog.
An expert on the security of smartphones said the users that downloaded the fake app might have to contact their mobile provider to get more information on what the application did. “Malicious apps in the Google Play store are nothing new,” said Rik Ferguson, vice-president of security research at Trend Micro.
“Android is the most widely installed mobile operating system so it’s an attractive user base for attackers.
“But undeletable apps like this exploit consumers who store their personal lives on a smartphone. We’re reluctant to wipe our handset in case we lose something.”
The Real App
The real BatteryBot Pro is a popular app for Android smartphones that gives users every bit of detail on the battery’s life and how it’s being spent. As many of you Android users know by now, when you download an app from the Play Store it asks for permission to access the functions that the new installation needs to use.
With the malicious version, it requested a lot more, including access to features that did not have much to do with the battery, like the ability to send text messages, install other apps and track a user’s location. It would also ask to be an administrator so you couldn’t be able to delete it later on, even after the company had removed it from the list of available apps. “I would recommend visiting your mobile provider as a first port of call,” said Mr. Ferguson.
“This app targets people who are not confident with technology, so I’d recommend seeking help in the High Street stores.”
Zscaler said the fake app was probably created to commit “click fraud”, which occurs when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without providing anything to the user interested.
The Android operating system has been criticized in the past because it only offers two options when installing an application, allow what’s being required or say no and get no app. “You can’t tell the phone, ‘I trust Google and Amazon, but nobody else’,” said Mr. Ferguson, “It’s all or nothing.”
The giant has said recently that its next version of mobile operating system, known as the Android M, would give users more options when it comes to this sort of thing.
The malicious app was removed right away from the store when the company found out what was going on. Google did not mention the app but did say they had clear policies for the ones who create these things. “We remove apps from Google Play that violate those policies,” it said.