Google has removed more than 500 apps from the Android Play Store after researchers at Lookout Security discovered that those apps had a back doorsecurity vulnerability which could be exploited to inject spyware into the devices.
Among themselves, these 500 apps had more than 100 million downloads, which roughly translates into tens of millions of devices which might be vulnerable to spyware attacks.
The apps’ advertising software development kit (SDK), called Lgexin, had the capability of spying on user’s devices by downloading malicious plugins via an otherwise innocent-looking app.
The researchers also pointed out that the developers of the apps aren’t responsible for creating the malicious functionality. Rather, “the invasive activity initiates from an Igexin-controlled server”.
While most of these apps were identified as harmless at the present time, but their security vulnerability means that the developer — or Lgexin in this case — could, at any point of time, update the app with malicious spyware plugin and threaten the privacy of the users.
The Lgexin spyware code could lead an app to record call logs, text messages, login credentials and much more.
Although Google is working towards creating a secure environment in the Play Store, app authors with malicious intentions are always looking for a way to fulfill their unscrupulous needs.
“Lgexin is somewhat unique because the app developers themselves are not creating the malicious functionality – nor are they in control or even aware of the malicious payload that may subsequently execute,” the Lookout Blog reads.
The apps that contain the infected SDK included:
Games targeted at teens (one with 50M-100M downloads)