24 April 19, 16:17
Quote:Continue Reading
Aggressive adware – on music, photo editing and fitness apps – just won’t go away, convincing users to install more apps.
Using Avast’s mobile threat intelligence platform, apklab.io, we discovered 50 adware apps on the Google Play Store. The installations of the apps range from 5K to 5M installations. The adware can be very annoying as it persistently displays full screen ads, and in some cases, tries to convince the user to install further apps.
The adware applications are linked together by the use of third party Android libraries which bypass the background service restrictions present in newer Android versions. Although the bypassing itself is not explicitly forbidden on Play Store, Avast detects it as Android:Agent-SEB [PUP], because apps using these libraries waste the user’s battery and make the device slower. The applications in this article used the libraries to keep displaying more and more ads to the user, which is against Play Store rules.
We are referring to the adware based on these libraries as “TsSdk”, because the term was found in the first version of the adware.
The adware was installed 30 million times before being removed from Google Play Store, Avast research found. We have cooperated with Google, and all of the samples were removed from the Play Store before the release of this article.
Using apklab.io, we found two versions of TsSdk on the Play Store so far, all linked together by the same code. Below you will find descriptions for both of them, from the oldest to the newest versions of the adware.
Version A
The oldest version of TsSdk, which we will refer to as “version A” was installed 3.6 million times. The apps containing the adware were simple games, fitness, and photo editing apps.
Version A was most often installed in India, Indonesia, Philippines, Pakistan, Bangladesh and Nepal.