A recent report published be security researchers have revealed that more then 500 Apps present on Google Play Store might possibly have been used secretly for the distribution of a spyware. The root cause behind this distribution of spyware is attributed to a malicious advertising SDK (Software Development Kit) used to develop these apps.
Image Source: Skyward
This advertising SKDs are commonly used to develop smartphone free apps for the customers and they generate revenue by delivering ads through advertising networks. Lookout the security research company that discovered this SDK which is called Igexin is being inadvertently used by many developers. Igexin, has its origin in China, it promotes services that proclaims to control data relating to user, which include user interests, location, income and occupation for advertising purposes. These apps contain an exploit which can be used for malicious activities like steeling user data. Collectively these apps have been downloaded for more than 100 million times.
Lookout immediately contacted Google about Igexin and Google instantly responded to remove these apps from Google Play Store. Lookout provided two example of the infected apps which included SelfieCity and LuckyCash which has been downloaded for more than 5 and 1 million times respectively. The researchers confirmed that both the apps are now safe to use as the developers have successfully removed the malicious code. Other apps which included a weather app, game, internet radio app, educational app, travel , emoji and photo apps are also included in the list of 500 affected apps.
These apps due to a large number of downloads has the potential to spread and infect Android Phones all over the world. This spyware can easily turn Android phones into spying devices and risking the privacy of the users.