Google Play Store is considered to be the safest place to download and use Android apps. However, despite having robust security measures in place, the company has acknowledged that bad actors have some methods to bypass the security protocols and infect Android devices with malware.
The technique used by hackers is called “Versioning,” and it works in two ways. First, it might find its way to the victim’s device through updates to the already installed apps. The second method is by loading the malicious code from a server that the hackers directly control. This method is known as dynamic code loading (DCL).
Through these methods, a bad actor can deploy malicious payloads as native, Dalvik, or JavaScript code on Android and bypass the Play Store’s static analysis checks. Google says all applications submitted to the Play Store go through PHA (Potentially Harmful Application) screening. However, the company acknowledged that some apps might be able to bypass security checks through DCL.
Hackers use ‘Versioning’ tactic to infect Google Play Store apps with malware
According to Google explanations, “Versioning occurs when a developer releases an initial version of an app on the Google Play Store that appears legitimate and passes our checks, but later receives an update from a third-party server changing the code on the end-user device that enables malicious activity.”
All apps must use the update mechanism provided by Google Play. Offering any other way to update an Android app is extremely prohibited.
Google also prevents apps from downloading executable code from external sources to the official Android App Store. Applications that violate Google Play Deceptive Behavior policy are labeled as backdoors and will be removed from the store.
One example of this tactic was a banking malware called SharkBot, which was discovered in October 2021. The malware could bypass Play Store security checks by releasing versions with limited functionality. Once the app was installed on the victims’ devices, it downloaded a full malware version. SharkBot was available in the Play Store as an Android antivirus software.
The FBI recently warned that AI made it much easier for hackers to write and distribute malware. Likewise, Google blamed manufacturers’ delay in fixing security issues in their devices and apps. As an Android user, you should be more careful with the apps you download.
2023-08-07 15:06:44