Digital security leader Avast has announced that it discovered 40 adware apps on the Google Play Store using its mobile threat intelligence platform, apklab.io. Avast says users have installed these apps repeatedly with the number of downloads ranging from 5,000 to 5 million.
TsSdk, as Avast is referring to this as, persistently displays full-screen ads and attempts to convince the user to install further apps. The adware applications are linked together by the use of third-party Android libraries which bypass the background service restrictions present in newer Android versions.
Avast says that these apps aren’t exactly forbidden from bypassing the background processes and thus is present on the Play Store. However, the apps use libraries that waste the user’s battery and make the device slower. The adware also continuously attempts to display more and more ads to the user, going against Play Store rules.
Avast has confirmed that it has contacted Google to have these app removed. Avast named the adware TsSdk because the term was found in the first version of the adware. The security company found that there were two versions of TsSdk on the Play Store, linked together by the same code. The older of the two had been installed 3.2 million times across gaming, fitness, and photo editing applications used in India, Indonesia, Philippines, Pakistan, Bangladesh and Nepal.
The apps with the older version of TsSdk appear to work as advertised on their Google Play pages, however, additionally, shortcuts are dropped onto the home screen and full-screen ads are shown to the user when they turn the screen on, and in some cases, the ads are shown periodically when the user uses the device. In some cases, the apps contain code capable of downloading further applications, prompting the users to install them. Additionally, most of the older samples also added a shortcut to a “Game Center” on the infected device’s home screen, which opens a page advertising different games.
The newer version has been installed 21 million times and was included in music and fitness apps used in India, Philippines, Indonesia, Malaysia, Brazil, and the UK. This version carries out several checks before deploying full-screen ads. First and foremost, the adware is only triggered if the user installs the app by clicking on a Facebook ad. The application can detect this using a Facebook SDK feature called “deferred deep linking”. The adware only shows ads within the first four hours of the app being installed and then much less frequently. The newer version was also found to not work in phones running Android version 8.0 and above because of changes in the background service management.
How to avoid adware app:
1. Exercise caution before installing a new app – Read app reviews before installing a new app, carefully reading both positive and negative reviews. Notice if reviewers comment on whether or not the app does what it says it will do. If an app’s review includes comments like “this app doesn’t do what it promises” or “this app is packed with adware,” – one should reconsider downloading the app.
2. Check your app permissions – Apps on both Android and iOS devices ask for access to various features on the smartphones they use and most of them basically revolve around contacts, camera, microphone, location, calendar, gallery, sensors, access to other social media apps. Grant certain permissions to apps that you deem will need access or it’s a sign that the app is doing more than what’s asked for.
3. Install an antivirus – Antivirus acts as a safety net and can identify apps that are infected with adware, protecting users from these unwanted apps.