Skip to main content

TouchPal developer caught installing adware on hundreds of millions of Android phones

Image credit: Pixabay
Audio player loading…

A fresh security scandal has hit the Google Play store, as over 200 apps from a Chinese mobile developer – representing some 440 million installations in total – were found to contain adware which interfered with the host phone to the extent that it was reportedly rendered practically unusable.

Security firm Lookout discovered the 238 offending apps which were produced by Shanghai-based CooTek, best known for its popular free emoji keyboard app, TouchPal (which has been installed over 100 million times historically).

This app, and the several hundred others, were sneaked onto the Play store containing a well-hidden adware plugin, known as BeiTaAd. Lookout notes that it was the fact that the plugin was very cleverly concealed which led to these various apps being installed so many times before anybody twigged something was up.

After installation of an affected app, the plugin keeps quiet for at least the first 24 hours, or possibly up to a period of two weeks, before beginning the bombardment of obtrusive ads – just so the user won’t link the installation of the software to the problem.

And of course the other huge issue with this particular piece of adware is that it generates out-of-app ads – in other words, advertisements that appear outside of the application itself – which massively interfere with the operation of the user’s phone.

To the point where said user might struggle to achieve basics tasks such as making a phone call. It’s also capable of firing up video and audio adverts when the handset is asleep, too.

There are many complaints in TouchPal’s Play store reviews, as you would imagine, and one user lamented that the app ‘interrupts everything’ from phone calls through to listening to music or sending emails. Another user noted that even after upgrading to the premium version of the app, adverts still kept popping up.

Removed or updated

Lookout reported (opens in new tab) the malicious apps to Google, and the security firm says that the apps in question have been removed from the store, though some still remain which have been updated to versions that don’t carry the BeiTaAd plugin. Although whether anyone will want to trust any of this developer’s products again, given what has happened here, is another story.

The BeiTaAd plugin was apparently present in CooTek’s apps since early in 2018, and was evolved with more sophisticated obfuscation techniques as time went on.

CooTek has been around for over a decade, and was listed on the New York Stock Exchange back in 2018. The company has just announced its Q1 2019 financial results with net revenue increasing by 83 percent year-on-year. 

Unsurprisingly, shares in the firm jumped by eight percent at the close of trading yesterday, although it will be interesting to see what happens to stock as news of this adware scandal spreads.

This isn’t the first time Google has had problems policing the vast contents of its app store, and doubtless won’t be the last. Another recent scandal was that a substantial percentage of the top free VPN applications on the Play store were found to be a potential source of malware (which, of course, is just what you want from a security app).

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).