Over 2,000 fake Android apps discovered

24 June 2019

Popular games were commonly impersonated by counterfeit apps

University of Sydney researchers analysed over one million Google Play apps and found over 2,000 counterfeit apps. Popular games such as Temple Run, Free Flow, and Hill Climb Racing were the most common targets for app impersonation.

Dr Seneviratne says smartphone users should never install apps from non-official app stores or by searching online.

The apps you regularly use to log your steps, edit your photos and monitor your finances may be hiding malicious software that could be tracking and even stealing your personal information.

As part of a two-year cyber security project, researchers from the Faculty of Engineering's School of Computer Science and Data61-CSIRO investigated over one million Google Play apps and discovered 2,040 potential counterfeit apps.

Many of the fake apps impersonated highly popular apps and contained malware, with popular games such as Temple Run, Free Flow and Hill Climb Racing being the most commonly counterfeited. The study also found that several counterfeit apps request dangerous data access permissions despite not containing any known malware.

Counterfeit or ‘fake’ apps are often used by hackers to steal user data or infect a device with malware. Installing counterfeit apps can lead to a hacker accessing personal data and can have serious consequences such as financial losses or identity theft.

“Many fake apps appear innocent and legitimate — smartphone users can easily fall victim to app impersonations and even a tech-savvy user may struggle to detect them before installation,” explained School of Computer Science academic and cybersecurity expert Dr Suranga Seneviratne.

“In an open app ecosystem like Google Play the barrier to entry is low so it’s relatively easy for fake apps to infiltrate the market, leaving users at risk of being hacked,” he said.

Above: Visually similar app icons in the top-10 apps of Google Play, which were not necessarily malicious. The researchers’ method, detailed in the paper, gave each app a similarity score based on style, content, structural similarity, hashing and the number of features detected on each icon.

The Google Play Store is the largest of its kind, hosting over 2.6 million applications, many of which have been developed by third parties.

“While Google Play’s success is marked on its flexibility and customisable features that allow almost anyone to build an app, there have been a number of problematic apps that have slipped through the cracks and have bypassed automated vetting processes,” he explained.

“Our society is increasingly reliant on smartphone technology so it’s important that we build solutions to quickly detect and contain malicious apps before affecting a wider population of smartphone users,” he said.

Director of the NSW Cyber Security Network, Todd Williams, believes the research has the potential to place New South Wales on the map as a leader in cyber security.

“The NSW Cyber Security Network is very pleased to be able to support the world-leading research of the University of Sydney. This research further strengthens NSW as a leader in cybersecurity,” he said.

Hackers may use counterfeit apps to steal data and personal information

Tips to avoid being hacked by counterfeit app

Do your homework - If you want to try out a new app, find out which platforms and countries it has officially been released in. Counterfeiters may target countries or platforms where some popular apps are yet to be released.
Be mindful of cross app market counterfeits - One common trap that you might fall into is downloading an app on Google Play that has only been released on the Apple Store. Always check to see if an app has been released on both platforms before downloading.
Read the app description and check metadata - Read the app description carefully and check the available metadata, such as the developer information, number of downloads, release date, and user reviews before any installation. For example, a Facebook app with only 100,000 downloads would be an immediate red flag as the authentic Facebook app would instead have billions of downloads.
Stick to official app stores - Do not install apps from non-official app stores or just by searching online.
Carefully check the permissions requested by the app - One possible way to understand an app’s behaviour is by understanding the permissions requested by apps. See whether the permission requests make sense by asking questions like, "does this app really need to access my SMS"?
Regularly update your operating system and remove any apps you no longer use - It’s crucial that you keep your operating system up-to-date so that even if you do accidentally install a malicious app, it will not be able to bypass your smartphone’s security system.

About the research

The paper, A multi-modal neural embeddings approach for detecting mobile counterfeit apps, was co-authored by Mr. Jathushan Rajasegaran, Mr. Naveen Karunanayake, Dr Ashanie Gunathillake, Dr Suranga Seneviratne and Dr. Guillaume Jourjon and was published in the Proceedings of The World Wide Web Conference 2019.

Funding disclaimer

The research has been partially funded by the 2017 Google Faculty Rewards grant, the 2018 NSW Cyber Security Network’s Pilot Grant Program, and the Next Generation Technologies Program. The authors would like to thank VirusTotal for kindly providing access to the private API that was used for the malware analysis in this paper.