Android users, watch out! There could be malicious apps in Google’s Play Store posing as some of your favorite games.
As a Redditor pointed out earlier today, an illegitimate developer account in the Google Play Store has been recently discovered. This account has been uploading phony apps that are complete rip-offs of other titles in the Android app store. Some of the more popular ones include an imitation version of Imangi’s Temple Run game and Glu Mobile.
The developer behind the operation, known as “apkdeveloper,” appears to be decompiling the APKs of these apps and injecting code that could be harmful. APK stands for Android Package, and it is the type of file used to distribute and install application software onto Google’s mobile operating system. After this alleged hacker inputs malicious code, he or she recompiles the APK and uploads the file to the store, posing as legitimate apps. Each of these apps as the word “super” tacked on to the end of its name. These illegitimate apps also have a lengthy list of device permissions in comparison to the actual apps, so be wary to avoid them.
For example, Imangi’s Temple Run only requests permission to access the device’s full network and to perform, read and write operations to storage. Temple Run Super, however, also asks for location information, phone status and identity, access to accounts on the device, and more.
Luckily many Android users can differentiate these phony apps from the real ones. According to Android news blog Phandroid, it doesn’t seem as if many users have downloaded these harmful apps. This means that little is known about what this code is actually capable of, but reports have indicated that it could add unwanted advertisements to various parts of your device. For example, these permissions could allow ads to pop up on a user’s home screen or notification bar. While this might not crash Android smartphones or tablets or erase a user’s data, it’s sure to be quite an annoyance.
It’s always important to be cautious and careful when downloading apps. Check the name of the developer and ensure that the app is coming from a legitimate source before installing it.