A tip from a kid helped uncover a lot of scam apps




Researchers said a tip from a child led them to discover aggressive adware and outrageous prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play.


This story originally appeared on Ars Technica, a trusted source for technology news, technology policy analysis, reviews, and more. Ars is owned by WIRED’s parent company, Condé Nast.

Posing as entertainment apps, wallpaper images, or music downloads, some of the titles displayed intrusive advertisements even when an app was not active. To prevent users from uninstalling them, the apps hid their icon, making it difficult to identify where the ads were coming from. Other apps charged between $2 and $10 and generated revenues of more than $500,000, according to estimates from SensorTower, an application intelligence service for smartphones.

The apps came to light after a girl found a profile on TikTok promoting what appeared to be an abusive app and reported it to Be Safe Online, a project in the Czech Republic that educates children about online safety. Following up on the tip, researchers at the security firm Avast found 11 apps, for iOS and Android devices, that were involved in similar scams.

Many of the apps were promoted by one of three TikTok users, one of whom had more than 300,000 followers. An Instagram user was also promoting the apps.

“We are grateful to the young woman who informed us of the TikTok profile,” Avast threat analyst Jakub Vávra said in a statement. “Her conscience and responsible action is the kind of commitment that we should all show to make the cyber world a safer place.”

The apps, Avast said, made misleading claims about their functionality, ran ads outside of the app, or hid the original app's icon shortly after it was installed, all in violation of the app markets' terms of service. The promoted links on TikTok and Instagram led to the iOS or Android versions of the apps, depending on the device that accessed a particular link.

“It is particularly worrying that apps are being promoted on social media platforms popular with younger children, who may not recognize some of the red flags surrounding apps and therefore may fall in love with them,” added Vávra.

Avast said it privately notified Apple and Google about the behavior of the apps. Avast also alerted both TikTok and Instagram about the complicit accounts running the promotions.

A Google spokesperson said the company removed the apps, and web searches appeared to confirm this. Several of the iOS apps appeared to still be available on the App Store while this post was being prepared. Representatives for Apple and TikTok did not immediately comment for this post. Representatives for Facebook, which owns Instagram, did not respond to a request for comment.

Android users are already familiar with apps served by the Play Store that are either completely malicious or perform unethical actions, such as delivering a flood of ads, often without an easy way to reduce the deluge. Abusive apps on the App Store, on the other hand, come to light much less frequently, which is not to say that such iOS apps are never found.

Last month, researchers discovered more than 1,200 iPhone and iPad apps snooping on URL requests that users made within an app. This violates the terms of service of the App Store. Using an ad-serving software development kit, the apps also spoofed click notifications to give the false appearance that an ad seen by the user came from an ad network controlled by the app, even when that was not the case. The behavior allowed the SDK developers to steal revenue that should have gone to other ad networks.

People considering installing an app should spend a few minutes reading ratings, reviewing prices, and checking permissions. For the apps found by Avast, the average rating ranged from 1.3 to 3.0.

“This is all bad, don’t buy it,” wrote one iOS user in a review. “I bought it accidentally. $8 wasted and it doesn’t work.”
