
Over 1% of Google Play Store apps are copycat "thief-ware"

More than one per cent of apps in Google Play Store are "aggressive" copies of legitimate apps, according to security firm Bitdefender. The copied apps have been modified to include more intrusive tracking and access to text messages, call history, and users' social media accounts.

The plagiarised apps, so-called "thief-ware", also contain different advertisement libraries to the originals, so profits are redirected to the app pirates.

"Other modifications add extra advertising modules to collect more data from the user than the initial developer planned," wrote Bitdefender's Loredana Botezatu in the report.

Moreover, a plagiarised application "can be extended to place home-screen icons, spam the notification bar, and so on" in order to maximise the hijacker's revenue.

Researchers from Bitdefender analysed 420,646 apps available on the Play Store, and found that 5,077 of these contained code directly ripped from legitimate apps like Facebook and Twitter. That's a total of 1.2 per cent of apps examined by the team.

Some of these knockoffs were almost indistinguishable from the originals, and had been downloaded over 50,000 times.

A total of 7.76 per cent of amendments to the repackaged apps could allow an unauthorised party to make phone calls from the mobile device, and 7.25 per cent allowed someone to read the user's call history.

While "detection automatically results in the termination of the associated developer account," and a one-off cost of $25 (£15.53) is required to create a publisher's account on the Play Store, these restrictions don't seem to be working to curb the issue.

Indeed, Bitdefender found that most vendors of thief-ware were simply factoring this into their operational costs and compensating with their fraudulently acquired profits. "Otherwise," the report states, "the business would not be profitable at all."

An additional factor leading to the duping of users is that apps requiring a purchase from the Play Store are sometimes repackaged and published for free, with the invasive protocols added.

In one instance using the mobile game Riptide GP, the report claimed that if "all those that downloaded the copies bought the original app," then the developer of the original code "might end up losing between 3,100 and 15,500 clients and some $6,200 and $31,000" (£3,850-£19,250) as a result of the plagiarised version.

The problem is exacerbated by Google's hands-off approach to its Play Store, allowing users to post any app, and then moderating them afterwards. This is in stark contrast to Apple's App Store, in which the apps are strictly moderated before reaching the public.

The company has struggled with fraudulent entries in its Play Store in the past, deleting an embarrassing number of fake apps earlier this year.

Security concerns have also been raised after a Trojan was found to be distributed through Google Play for the first time.

Google has yet to comment officially on the report.