An app claiming to live stream the 2018 Winter Olympics (but really serving up a blizzard of ads) had a short run on Google Play. It was uploaded to the Play store on February 8, 2018. Since then, it’s been removed. The last known existence of it on the store was a cached snapshot from February 10.
At first, things seem normal with a simple opening screen.
After displaying the first ad, it goes onto a navigation screen.
Click on each live stream link, and it’s a gamble whether it actually redirects to a functioning live stream or not. I found that most of the time, the app crashed. In contrast, the app’s ability to display ads never falters.
More ads than games
An app serving up ads in order to use it for free is nothing new, and most of us humbly accept. The decision for mobile malware researchers to classify some of these apps as adware isn’t always easy. In this case, the Olympic streaming app doesn’t use anything unusual to serve ads. To put it another way, it isn’t using any known aggressive Ad SDKs. However, when these ads pop up after every click, it’s excessive.
It’s clear that the true intent here is not to live stream the Olympics, but to serve up as many ads as possible before the app crashes. Thus, we gave this failed app a classification of Android/Adware.LiveStream.
Combing through Google Play
The sheer number of apps like these found on Google Play that teeter on the line between clean or adware is overwhelming. As we have found time and time again, it’s impossible for Google Play to catch all of these. This is true even with Google’s more advanced Play Protect feature.
Moreover, it’s impossible for mobile malware researchers to keep up with all these “grey” apps as well. This is especially true with special cases like these, where detailed analysis is needed to make a determination. It’s important to note that even if apps like these do slip through, they are generally low risk.
User responsibility: tips to stay safe
Due to the overwhelming number of questionable apps on Google Play, some responsibility to pick safe apps must fall on users. Here are some tips to stay safe.
Check the details
Before installing an app, check the app’s details page for evidence of anything out of the ordinary. Things to look for are the app’s reviews, number of installs, and the last update. If there are a low number of reviews and/or the app has poor reviews, be wary. The same goes for a low number of installs of the app.
Lastly, if the app was recently updated, this could indicate that it was also recently uploaded to Google Play—which isn’t necessarily a bad thing, but it does make it harder to vet the app’s security. Unfortunately, Google Play doesn’t display when the app was first uploaded, so the updated date is the best data you have to determine whether it’s new or not.
If, after all this, you decide to install the app and it contains what you think is adware, no need to panic. Most of these grey apps just display annoying ads, and there is no other harm. Simply uninstall and go on with your day.
Package Name: com.ww2018OLYMPICLIVETV_6516426
This is a Security Bloggers Network syndicated blog post authored by Nathan Collier. Read the original post at: Malwarebytes Labs