Previous Page
PCLinuxOS Magazine
Article List
Next Page

A Very Bad Time For Android Apps? Or Just Cleaning Up The Mess?

by Paul Arnote (parnote)

Yes, I know this is a magazine dedicated to Linux, and more specifically PCLinuxOS. As such, the state of the Google Play Store isn't of much direct concern for PCLinuxOS users when it comes to running or using their PCLinuxOS installation.

BUT ... Android does use the Linux kernel as the core component of its OS. I suspect that a lot of PCLinuxOS users use Android because of this, over the closed-source and limited ecosystem that is iOS. I suspect that PCLinuxOS users use phones and tablets running Android to fulfill their mobile computing needs. Supporting a mobile platform that uses the Linux kernel as its core component would be a natural extension of one's support for Linux.

We'll also discount, for the time being, the enormous amount of hatred for Google, especially among users of Linux and other open source software. Google is the force that drives Android, so there are bound to be a lot of people who shun Android because of its inextricable relationship with Google. It's hard to blame anyone going to such lengths to disassociate themselves with all things Google. The search engine behemoth has brought it upon themselves through their missteps, past, present and ongoing.

Since the first of the year, there have been multiple reports of Android malware and adware being removed from the Google Play Store. The real question is whether the Google Play Store has become the wild, wild west, or if Google is following through on their stated goal of cleaning out "bad actors" from the play store, or a combination of the two.

To kick things off, Google is cracking down on apps that track your location, according to an article on The Verge. Google is examining apps and disallowing location tracking if that tracking doesn't affect the core functionality of the apps. Google has even vowed to follow that edict, even when it comes to its own apps. So, it is not just cracking down on third party developers, but also following the new rules itself.

After all, do you really need your sound recorder app to have location tracking ability? Do you really need your latest waste/pass your time away game to track your location? I think not, in either case. There are a LOT of apps that have location tracking enabled that do not require it to fulfill its core functionality.

In the December 2019 issue of The PCLinuxOS Magazine, we told you about Google forming the App Defense Alliance. A few months in, though, the cybersecurity firm Check Point points out that "the improvements aren't what we hoped they would be." Through their research, Check Point has discovered two threats actively hiding in the Play Store: Joker and Haken, according to an article on Forbes.

Joker detects from what country a user is using the infected software, and then subscribes the user to premium services, without the user even knowing. The malware was reported on by Forbes back in September 2019, and at that time, it had infected over 500,000 devices. Check Point states that Joker-infested apps are still finding their way into the play store, circumventing Google's defenses.

Here's the real problem, though. Users can "uninstall" Joker-infected apps, but doing so does not remove the premium subscriptions. It is up to the end user to go in and manually remove those subscriptions that the Joker-infected app signed the user up for.

The Joker-infested apps reported by Check Point are:, com.race.mely.wpaper,, and com.vailsmsplus.

Meanwhile, the Haken malware is a clicker. Those types of malware mimic a user clicking on an ad to get illicit ad revenues. They also tend to keep running in the background, long after a user has closed out the app ... or thinks they have closed it out. They typically continue to serve up ads and mimicking user clicks in the background. Clicker malware also tends to serve up an excessive amount of ads, so that might be one of your clues that you have clicker malware installed on your mobile device.

The Haken-infested apps reported by Check Point are:, com.haken.compass, com.haken.qrcode,,,,, and com.vimotech.inongdan.

You can read the entire Click Point report here, where it goes into a very deep explanation of how these malware exploits work.

Google is also cracking down on what it terms "disruptive" ads according to news reported on BuzzFeed. Disruptive ads are defined in Google's ad policy as ads that originate from an app when that app is not currently in use.

In a security blog post, Google's Per Bjorke said, "This is an invasive maneuver that results in poor user experiences that often disrupt key device functions and this approach can lead to unintentional ad clicks that waste advertiser spend. For example, imagine being unexpectedly served a full-screen ad when you attempt to make a phone call, unlock your phone, or while using your favorite map app's turn-by-turn navigation."

As a result, Google has removed approximately 600 apps from the play store and banned their developers for ad fraud and violating the disruptive ad policy. Although Google declined to name specific apps, most of the apps were written by developers from China, Hong Kong, Singapore and India. The nearly 600 apps target English-speaking users, and have been installed more than 4.5 billion times.


It appears that the Google Play Store cleanup is fully underway. Google is using AI methods to search for malware signatures in apps submitted for the play store. Coupled with their App Defense Alliance, the hope is to be able to clean up the app store, and prevent malware from ever appearing in the play store in the first place by subjecting new apps to rigorous scrutiny.

All we can say is ... it's about time!

Previous Page              Top              Next Page