Why is there so much spyware hidden in the Play Store?

Features
By published

Hidden in plain sight

In this photo illustration a Google Play logo seen displayed on a smartphone.
(Image credit: Photo Illustration by Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images)

I still remember when my dad got his first smartphone. After a whole day of figuring out how it worked, he exclaimed, "Well, there's an app for everything, it seems." Indeed, apps make our daily lives more effortless, but they're not without their risks.

Downloading bogus apps from the App Store can cause immense havoc, including (but not limited to) malware, ransomware, phishing scams, and spyware. In fact, the Zscaler report found 200 dangerous spyware apps in the Google Play Store across 12 months, with over 8 million installs.

Luckily, there are steps you can take to stay safe and minimize the risk of downloading spyware. Join me, and I'll explain what these apps are, how to spot them effectively, and why they're so prevalent.

What are spyware apps?

Fake spyware apps can be found on the Google Play Store – although they pretend to be legitimate and perfectly safe apps. Also called trojans, they are designed to carry out a variety of attacks after downloading and installation, including performing data theft, injecting malware, cryptojacking, ransomware, stealing information, and more.

Although they're more often found in third-party App Stores, that doesn't mean that the official Google Play Store is totally safe – as evidenced by the Zscaler report I referenced above. One thing I should mention is that these bogus apps can also be spread via social engineering tactics, such as emails and SMS messages that urge you to download an app by clicking a link.

Note that smartphones are ideal targets for the crooks that create these fake spyware apps. Why? Well, we trust these devices with our personal information and take them everywhere with us. Additionally, a lot of us – my dad included – simply don't know how to spot spyware in an App Store on our devices.

The risks posed by spyware apps

If you happen to download a bogus spyware app, it can cause a lot of damage. Since these apps are usually data-hungry, they may even require specialized malware removal software at some point. Some of the most common risks include:

  • Data theft and privacy breaches. Spyware apps collect personal data, like names, addresses, login details, and more.
  • Financial fraud. If a spyware app collects sensitive financial details (either by tricking you into handing them over or recording the info as you input it), they can then be used to commit all sorts of financial fraud, like taking out massive loans in your name.
  • Malware. Spyware apps can contain malware that will flood your device with viruses.
  • Ransomware. Ransomware is particularly tricky, as it steals your personal data and locks your device, demanding payment to regain access.
  • Rootkits. While technically a form of malware, rootkits are particularly troublesome as they bypass security measures to create "backdoor" access to your device. In doing so, rootkits enable hackers to control your phone remotely, causing even more damage.

How to spot malicious spyware apps

Spyware apps are specifically designed to trick users into believing they're legitimate apps. Their designers go to great lengths to minimize any differences to the real thing, which makes them significantly more challenging to spot.

However, they're not perfect, and there are several telltale signs that, if noticed, should raise your alarm. Here's how to spot malicious spyware apps:

  • Check the logo. Observe whether the image is skewed or if the colors are wrong. Are you looking at a clear rip-off of a more famous brand?
  • Does the app provide a link to its website with contact information?
  • Observe the grammar and copy. If it's choppy and full of (consistent) errors, it could indicate that the app you're looking at is fake, especially since legitimate apps have teams that polish all of the copy before it reaches the App Store listing stage.
  • Check the number of previous downloads. If you see that the app you're looking at only has a minuscule amount of previous downloads, it's worth double-checking. The same goes for any app with a massive number of downloads but a very recent publish date.
  • Check the reviews. Take a look at what other people are saying, and while bad reviews pretty much speak for themselves, remember that reviews are a two-way street. A swathe of positive reviews that seem "off" could indicate a fake app just as reliably.
  • Observe permission requests. As most bogus apps will count on you not doing this, seeing a calendar app requesting your location permission is suspicious from the get-go.
  • If you haven't already, activate Google Play Protect.
  • Lastly, if an app's promises simply seem too good to be true (especially if you're looking at an app that's free to download), then it usually is, and you should not download it.

Why is there so much spyware lurking everywhere?

The short answer? Technological advancements have made it incredibly easy to grab your data and information without even breaking a sweat. Think of it as your name, banking details, and other personal information being served up to malefactors on a silver platter.

The long answer requires understanding that modern spyware tools are increasingly invasive and leave minimal evidence on the infected device. The main danger posed by modern spyware stems precisely from the fact that it's become so difficult to detect and fairly easy (effortless, even) to inject.

The main danger posed by modern spyware stems precisely from the fact that it's become so difficult to detect

Take Predator and Pegasus, for instance – these spyware tools are so advanced that they harvest both so-called one-click and zero-click attacks. In some instances, you don't even need to tap on a risky link (or download an app from the App Store!) to become a victim.

To make matters even worse, these spyware scandals have revealed a web of intelligence, military, and law enforcement agencies using these tools for purposes beyond fighting crime, including against politicians, journalists, and human rights activists around the world. Therefore, criminals, stalkers, and hackers may just easily use these tools to target your device, regardless of their end goal.

Bottom line: Spyware apps readily lurking in the Play Store is just the tip of the iceberg. Online security risks are in every corner of the internet, and they all exist for the same reason – preying on careless folks is much more effective than those who take the time to observe what they download and how they use their smartphones and other devices.

So, use common sense and think before you act – in doing so, you'll become the criminals' worst enemy while keeping yourself safe online.

Aleksandar Stevanović
Aleksandar Stevanović
Freelance Writer

The (cyber) devil is in the details - a saying that Alex firmly believes in every time he powers up his PC. As a freelance writer, Alex explored a plethora of topics and industries during his 10+ years-long career. Cybersecurity is his current focus, allowing his innate attention to detail (and OCD) to adorn each reader- and value-oriented piece he crafts. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.