Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Sunday June 09 2019, @10:05PM   Printer-friendly
from the program's-popularity-provided-no-protection-perniciousness-persevered dept.

238 Google Play apps with 440 million installs made phones nearly unusable

If the prevalence of abusive Google Play apps has left you numb, this latest report is for you. Carefully concealed adware installed in Google-approved apps with more than 440 million installations was so aggressive that it rendered mobile devices nearly unusable, researchers from mobile security provider Lookout said Tuesday.

BeiTaAd, as the adware is known, is a plugin that Lookout says it found hidden in emojis keyboard TouchPal and 237 other applications, all of which were published by Shanghai, China-based CooTek. Together, the 238 unique apps had a combined 440 million installs. Once installed, the apps initially behaved normally. Then, after a delay of anywhere between 24 hours and 14 days, the obfuscated BeiTaAd plugin would begin delivering what are known as out-of-app ads. These ads appeared on users' lock screens and triggered audio and video at seemingly random times or even when a phone was asleep.

"My wife is having the exact same issue," one person reported in November in this thread discussing BeiTaAd. "This will bring up random ads in the middle of phone calls, when her alarm clock goes off or anytime she uses any other function on her phone. We are unable to find any other information on this. It is extremely annoying and almost [makes] her phone unusable."

Lookout's post said the developers responsible for the 238 apps went to great lengths to conceal the plugin.

[...] Lookout reported the behavior of BeiTaAd to Google, and the apps responsible were subsequently either removed from Play or updated to remove the abusive plugin. There's no indication that CooTek will be banned or otherwise punished for breaching Play terms of service on such a mass scale and for taking the steps it did to hide the violation. The remaining 237 CooTek apps that embedded the plugin are listed at the end of Lookout's post.

Update: [on Ars Technica] In a statement sent 10 hours after this post went live, a CooTek representative wrote: "The module mentioned in the report was one of the monetization SDK in our previous versions, and it was not intended for adware purposes. Before the report, we already noticed the issue and disabled the advertising functions in the SDK in question several months ago. We further removed the entire module in question in last month."


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 3, Interesting) by Booga1 on Sunday June 09 2019, @10:24PM (6 children)

    by Booga1 (6333) on Sunday June 09 2019, @10:24PM (#853494)

    "We further removed the entire module in question in last month."

    Like, a week and a half ago?
    Management to devs, "Oh crap, they're onto us! Quick, update the app and when the news hits, just tell them we already took care of it."

    Guess this is just another company I'll have to watch out for when I go looking for something to install. Sadly the list is getting longer and longer...

    • (Score: 2) by PartTimeZombie on Sunday June 09 2019, @10:26PM (4 children)

      by PartTimeZombie (4827) on Sunday June 09 2019, @10:26PM (#853495)

      Yes but

      Lookout says it found hidden in emojis keyboard TouchPal and 237 other applications,

      People are installing emoji keyboards? Why?

      • (Score: 4, Insightful) by Anonymous Coward on Sunday June 09 2019, @10:49PM (3 children)

        by Anonymous Coward on Sunday June 09 2019, @10:49PM (#853497)

        Think of an average person. 50% are dumber than that.

        • (Score: -1, Troll) by Anonymous Coward on Sunday June 09 2019, @11:02PM

          by Anonymous Coward on Sunday June 09 2019, @11:02PM (#853499)

          Do you mean the women, or the Democrats?

        • (Score: 0) by Anonymous Coward on Monday June 10 2019, @12:22AM

          by Anonymous Coward on Monday June 10 2019, @12:22AM (#853514)

          Think of an average person. 50% are dumber than that.

          George Carlin had a funny routine about that.

        • (Score: 0) by Anonymous Coward on Monday June 10 2019, @02:54AM

          by Anonymous Coward on Monday June 10 2019, @02:54AM (#853551)

          Think of an average person. 50% are dumber than that.

          And 100% of them are dumber than that.

    • (Score: 1, Informative) by Anonymous Coward on Sunday June 09 2019, @10:54PM

      by Anonymous Coward on Sunday June 09 2019, @10:54PM (#853498)

      Flexitime! A week? A month? :)
      Emoji keyboards - try the under-20 and/or asian crowd - they are into this sort of thing.

  • (Score: 4, Interesting) by inertnet on Sunday June 09 2019, @11:20PM (1 child)

    by inertnet (4071) on Sunday June 09 2019, @11:20PM (#853504) Journal

    Always check F-Droid first for any app you might need. I hardly ever have to visit the Google store.

  • (Score: 3, Interesting) by SomeGuy on Sunday June 09 2019, @11:40PM (6 children)

    by SomeGuy (5632) on Sunday June 09 2019, @11:40PM (#853508)

    My Plain Old Telephone Service and my 1980s Unisonic desk phone are laughing my ass off.

    Malware? Advertising? Good luck getting that on my phone! Well, there is that Rachel from Cardholder Services bitch, but you get those too.

    "monetization SDK"?! Damn sure, not on my phone!

    • (Score: 2) by RS3 on Monday June 10 2019, @06:38AM

      by RS3 (6367) on Monday June 10 2019, @06:38AM (#853579)

      I wonder how many people try to send sms (text) to your landline!

    • (Score: 2) by All Your Lawn Are Belong To Us on Monday June 10 2019, @04:37PM (4 children)

      by All Your Lawn Are Belong To Us (6553) on Monday June 10 2019, @04:37PM (#853745) Journal

      Yeah, but don't you get tired of trying to shove the Unisonic phone in your pocket? And that whole thing of having an unbroken line trailing you whenever you leave your desk to go somewhere... Mine always got broken by being run over or people suing me for tripping them whenever I went to the store.

      --
      This sig for rent.
      • (Score: 2) by SomeGuy on Monday June 10 2019, @11:41PM (3 children)

        by SomeGuy (5632) on Monday June 10 2019, @11:41PM (#853970)

        Why would I want to do that? 99% of the time I'm at my desk or within reach of my phone. The rest of the time I'm not going to be taking calls. (Gasp! Oh, the horror! Someone does things differently from everyone else!)

        You DO know they made "land line" cordless phones, right?

        • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday June 11 2019, @02:53PM (2 children)

          by All Your Lawn Are Belong To Us (6553) on Tuesday June 11 2019, @02:53PM (#854212) Journal

          Yeah but whenever I got 100 feet or so away from the base station I lost the signal and the store was further away than that, plus that whole thing about my conversations being heard over the baby monitor next door. And you're more than welcome to be different, but forgive me if I don't view your solution as being terribly applicable to the mainstream and computing the who-can-laugh-at-whom ratio would probably require large precision. Though yes you do get a big one now and you're welcome to that.

          Back in the day I do remember a couple of my parent's friends, one worked for the gas company in repair and I think the other was either electric or Bell Telephone lineman. They had main landlines in their bathrooms also, because if they were on call they had to pick up even if nature was calling first.

          --
          This sig for rent.
          • (Score: 2) by SomeGuy on Tuesday June 11 2019, @06:29PM (1 child)

            by SomeGuy (5632) on Tuesday June 11 2019, @06:29PM (#854308)

            You miss the point. Never once in my entire life have I ever even felt the need to make or take a call while I was shopping at a store. When I am at a store, I am busy shopping. When I get back I will check my e-mail, voice messages, whatever, and deal with anything important then.

            Sure, some people, like doctors or gas line repair people, need to be on call every second of the day. But it is totally and completely illogical for every regular person to treat every single little notification as it were a major emergency that requires instant response. The only reason people do this is because cell phone salesmen have convinced them that they should, to the point where it has even become fashionable, which sells more cell phones.

            Conversations being heard over the baby monitor next door? Well, that's why I never used those myself. Used to have various other kinds of radio equipment that would pick those up. But if tripping over a silly cord were REALLY that huge of an issue I would have. You seem to think that they couldn't do better today?

            Let me guess, you probably also think computer cases MUST have sharp edges if the external color of a brand new case happens to be beige? I'd ask what is wrong with you, but clearly you are just an average brainwashed consumertard. Go back to staring at some bright blue LEDs.

            • (Score: 2) by All Your Lawn Are Belong To Us on Tuesday June 11 2019, @07:59PM

              by All Your Lawn Are Belong To Us (6553) on Tuesday June 11 2019, @07:59PM (#854349) Journal

              No, I think it is you who misses the point, perhaps because I was trying for humor. I really do congratulate you that you can get through your life without a cell phone and if a landline satisfies your needs, more power to you for as long as landlines are offered! But I am saying that your experience is not that of the average person. It doesn't have to be: you're you and that's fine. But that you're special and don't need such things does not imply that the average person does not, or should not.

              Two fine counterexamples for carrying a cell phone with you: Accidents. It's nice to be able to call 911 when you see a major collision occur at an intersection you're stopped at - and I have used the technology of yesteryear (ham radio) to do the same communication previously. A cell phone is better. More lives are saved more quickly.

              The second, and similar: My car once broke down on Interstate 10, 15 miles from a phone, on a nice sunny late July afternoon. I waited three and a half hours in 110 degree heat for a good samaritan to stop. The next week I bought my first car phone from Radio Shack.... even though I never had to use that phone for an emergency and it was pricey, I consider it was money well spent - just as good as the water I had already carried in the trunk. If I was running behind I could call ahead so that my family wouldn't worry. I became a ham later and that was cheaper, until repeaters started disconnecting their auto-patches, but again cell phones worked better.

              That's not quite your reasons, but the reality is that using them are more convenient and cheap than landlines. I'd take a clamshell cell phone and put it on my desk before I'd install another landline phone.

              The only other thing I'll note is that people have been sold on using cell phones, yes. Because they're convenient. Just because you want to live in the past doesn't mean your judgment about everyone else is correct, sorry. But again, enjoy your life and the rest of us will enjoy ours.

              --
              This sig for rent.
  • (Score: 3, Interesting) by AthanasiusKircher on Monday June 10 2019, @12:24AM (1 child)

    by AthanasiusKircher (5291) on Monday June 10 2019, @12:24AM (#853515) Journal

    Just thinking aloud, because I didn't really see this addressed in TFA, but would restricting permissions have stopped this bad behavior for these apps?

    Every single time I download an app, the first thing I do is look at its permissions. And I generally disable 75% of them, which I deem it doesn't need. Often the app complains. I don't care. If it no longer works, I delete it.

    These ads appeared on users' lock screens and triggered audio and video at seemingly random times or even when a phone was asleep.

    Android permissions need to be expanded to outlaw such behavior easily. The default on my device should be, "An app is NEVER allowed to do ANYTHING outside of when I have it opened on my screen unless I explicitly enable it." For example, I never want notifications from 99% of apps I'd consider downloading. Why enable them by default? Sure, some people might want that behavior or even want notifications generally enabled, but there should be a general setting ("restrictive app mode"?) where I can just check a single box and it defaults to restricting app behavior as much as possible upon initial download.

    Of course, that's not what Google wants. If Google actually cared about users, they'd have a search option in the Play Store where you could only see apps that have no cost and no ads, and if a developer violated such policies, they'd be expelled from the Store. But that's not how Google makes the most money... so they don't care.

    • (Score: 2) by Booga1 on Monday June 10 2019, @12:41AM

      by Booga1 (6333) on Monday June 10 2019, @12:41AM (#853519)

      I am in 100% agreement with you. Heck, I didn't buy an Android phone until after the granular permissions came out exactly because of this crap.

      I understand a game wants access to your contacts for some high score board. I understand some GPS app wants access to call status so it can stop navigation notifications while you're talking.
      Yet, I don't care. I want my phone to do what I want it to do. I should be the final arbiter of my devices and data. I do not care if they think it's convenient for me to give up that data. I am happy to deal with the consequences.

      That is my choice. It should always be my choice.

  • (Score: 1, Insightful) by Anonymous Coward on Monday June 10 2019, @01:01AM (1 child)

    by Anonymous Coward on Monday June 10 2019, @01:01AM (#853524)

    At the risk of sounding racist: Another perfect example of Chineese crap.

    • (Score: 3, Touché) by Anonymous Coward on Monday June 10 2019, @02:59AM

      by Anonymous Coward on Monday June 10 2019, @02:59AM (#853553)

      At the risk of sounding racist: Another perfect example of Chineese crap.

      Another perfect example of Nipper crap.
      Another perfect example of Gook crap.

      There, that's racist.

(1)