If you are an Android user, you are being warned about not using 36 apps, which can put your privacy and security at risk. Your bank details and other crucial information could be stolen by these illicit apps. Google Play Store has launched a crackdown and banned 36 of these apps. McAfee has informed about the apps in a blog post saying that,”The infected applications come from various Android application stores. More than 100 million downloads have been tracked through Google Play. After that, ONE store, Korea’s leading app store, follows with about 8 million installations.”
According to the blog post, McAfee’s Mobile Research Team discovered a software library named Goldoson, which collects lists of applications installed, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. Moreover, the library is armed with the functionality to perform ad fraud by clicking advertisements in the background without the user’s consent.
“The research team has found more than 60 applications containing this third-party malicious library, with more than 100 million downloads confirmed in the ONE store and Google Play app download markets in South Korea. While the malicious library was made by someone else, not the app developers, the risk to installers of the apps remains,” the post added.
McAfee also reported the discovered apps to Google, which took prompt action. Google has reportedly notified the developers that their apps are in violation of Google Play policies and fixes are needed to reach compliance. While 36 apps were removed from Google Play Store, others were updated by the official developers. There were over 60 apps and 27 apps have been updated while the other 36 apps have been removed by Google from its Play Store. If you have downloaded these 36 apps, then delete them now.
You can check the list of apps here under the banner: List of Apps and Current Status
Google Play considers the list of installed apps to be personal and sensitive user data and requires a special permission declaration to get it. Users with Android 11 and above are more protected against apps attempting to gather all installed apps. “However, even with the recent version of Android, we found that around 10% of the apps with Goldoson have the permission “QUERY_ALL_PACKAGES” that allows them to access app information,” McAfee stated.
Likewise, with Android 6.0 or higher, users may be asked for permissions such as Location, Storage, or Camera at runtime. If user allows the location permission, the app can access not only GPS data but also Wi-Fi and Bluetooth device information nearby.