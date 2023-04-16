



If you have an Android phone, the Google Play Store is probably where you get your apps. This is the safest and most convenient method, and you can usually rely on Google Play Protect to ensure that the apps you download are safe and won’t collect your data or hijack your phone. However, it’s not the whole picture.

If you’ve been following Android for a long time, you’ve probably read reports every few months that the most downloaded apps were found to contain malware. This isn’t usually the most popular app to secretly shepherd malware onto smartphones, but it’s enough of a problem that users should be wary of downloading apps that aren’t as popular.

A recent report from Kaspersky’s Secure List, a Russian cybersecurity company, details how much different types of malware cost to function on the Play Store. For example, a “loader” that injects malicious code into an existing app while bypassing Google Play Protect costs between $2,000 and $20,000. These apps typically have over 5,000 downloads on the Google Play Store and pose no threat until future updates. So while Google promises security, you should still be careful when using his official Android app store.

Creating Google Play Store Malware Is A Profitable Industry

Considering the amount of money they make from malware distributed on the Google Play Store, it’s no wonder that so many people are trying to exploit the system. Play Protect is limited in what it can do and seems to be better at recognizing known attacks than new ones. As listed on the secure list, many of these attackers clearly advertise their ability to bypass Google Play Protect.

The biggest problem lies in the fact that there are no truly secure apps. Technically, someone trying to load their own malicious code into your app could buy it. At that point, the developer pushes the update to the end user, who unknowingly installs the update and compromises their own security. This is probably why you can’t find a major app with more than his 1 million downloads. Growing up didn’t mean bad things.

This means that the Google Play Store has a fundamental flaw that malicious actors can exploit to buy already popular apps and distribute malware. Google trusts Play Protect to help its users, and while it seems to do a lot of great things, the fact that attackers can sell products that circumvent it as a security he mechanism is what it looks like. indicates that it is not as strong as outside.

Your best defense is to limit the apps you install

Any app can be a potential attack vector, so the best (and only) defense you can really rely on is to not install too many apps. The fewer apps you have installed, the less likely your installed apps will be updated with malicious code. For what it’s worth, most apps you update require additional permissions to become malicious, and as Secure List points out, some of those apps require installing another application. some may even try to grant those additional permissions. This means they are easy to spot, but you should be on the lookout anyway.

More importantly, install apps from trusted developers. Smaller, lesser-known developers are more likely to sell their apps to would-be attackers, while established developers are more trustworthy. That’s not to say the opposite can’t happen, but this is a game of odds, and few moves can be a surefire way to protect yourself.

Clearly, Google needs to do more to protect its users.

You can also limit the types of apps you install. Secure List notes that “cryptocurrency trackers, financial apps, QR code scanners and even dating apps” are the worst offenders. Most mobile phones now have a QR code scanner built into the camera. If not, Google Lens (pre-installed) supports his QR code scanning. When it comes to cryptocurrency trackers, there are plenty of web-based alternatives that don’t require an app.

However, it is clear that focusing attention on the user’s side has its limits and that Google needs to do more to protect its users. His yearly Android updates like Android 14 often come with security updates. Specifically, recent iterations force apps to use the latest API level to prevent exploiting loopholes that affect previous ones. However, not all phones update to the latest version of Android, so Google Play Protect will be your core defense. Always keep it up to date if possible.

