Security researchers from Trend Micro have uncovered 85 Android apps with more than 8 million downloads on the Play Store which have been forcing users to view fullscreen ads.
The apps which masqueraded as gaming and photography applications contained a family of adware dubbed AndroidOS_Hidenad.HRXH.
Once an unsuspecting Android user installs any of the adware infected apps, the adware will use several tricks to hide and avoid being uninstalled. For example, the app will hide its icon and create a shortcut on the home screen to evade removal.
To display ads, the apps will register a broadcast receiver which checks activities that prompts it to display ads. For example, when a user unlocks his or her device, the app will then display ads on the screen. It also uses "installTime" to constantly check the time so as to avoid displaying ads too frequent.
"The app also registers another Broadcast Receiver for android.intent.action.USER_PRESENTdynamically to check if the user has unlocked the device. Once conditions are met, advertisements will be displayed on the screen. Similar to how it hides the icon, it also checks for time before displaying advertisements. It also uses installTime and networkInstallTime to identify how long it has been installed on the device. Apart from that, it also checks the last advertisement to make sure that it doesn't show the same ad too frequently," Trend Micro blog read.
Apart from the frequency of the ads, the apps display the ads in full-screen.....forcing users to view the entire duration of an ad before they can close the windows or get back to the app. The apps have a 5 minute default time to display ads which isn't just intrusive alone but quite annoying.
"While the apps do have actual functionalities of the applications they are posing as, these ads are shown in full screen. Users are forced to view the whole duration of the ad before being able to close it or go back to (the) app itself. Moreover, the frequency of ads being displayed can be remotely configured by the fraudster (the default is five minutes), so it could exacerbate the nuisance for users," the blog read.
Trend Micro reported the apps to Google which has removed them from the Play Store. The list of infected apps included: Super Selfie Camera, Cos Camera, and One Stroke Line Puzzle. These apps have been downloaded 1 million times on the Play Store and they account for half of the total download figures.
Other apps includes Background Eraser, Meet Camera, Pixel Blur, Hi Music Play, and One Line Stroke. Each of these apps have been downloaded 500,000 times. The remaining apps can be found here.