In 2020 a staggering 108 billion apps were downloaded from the Google Play Store, according to stat fact company Statista. With an estimated 2.5 billion devices running Android, the Google operating system, that’s about 43 apps for each device.

This is huge target for cyber criminals and a beast of a prize for apps that surreptitiously gather user data. While the Google Play Store runs security checks on the apps that it displays, fake Android apps that hide spyware and harbour malware inevitably slip through the net.

Recently there have been a number of developments which signal increasing sophistication on the part of malware creators.
  • A new breed of innovative Android malware spreads itself by sending malicious links to WhatsApp contacts. The malware was discovered hiding inside a Google Play Store app called FlixOnline.
  • When downloaded, and after accepting the app permissions, the malware spreads and sends a link from the compromised WhatsApp account. If the link is clicked the user is taken to a fake Netflix site designed to steal Netflix account login details or credit card details.
Google Play Store has removed the app but an important thing to keep in mind is that this malware may well return in a different app.
  • Another newly discovered malicious app pretends to update your phone but, in reality, is just a giant spyware application that can steal pretty much all your data while also monitoring your movements and online search history.
  • Called System Update it was discovered in a third-party unofficial app store rather than the Google Play Store, which limits its spread.
  • It steals data, messages, images and takes control of Android phones. Once in control, hackers can record audio and phone calls, take photos, review browser history, access WhatsApp messages, and more.
The wider point about these two apps is that with such a huge user base hackers and cyber criminals are developing increasingly sophisticated malware that can cunningly insert itself onto devices without users realising.

This is why it’s as important to use antivirus protection on smartphones as much as it is on desktop PCs and laptops. BullGuard actually offers free mobile protection for Android devices as well as a low cost version that includes parental controls.

Gobbling up personal data

“Data is the new oil” as the saying goes within the industry. It’s worth vast amounts of money and has led to something of a data rush in which an individual’s rights to privacy are trampled over. And mobile apps are a tremendously fruitful source for gathering data.

But the extent to which data is siphoned from legitimate Android apps on a user’s phone is a cause for concern.

Recent research analysed the top 1,020 Android apps found on the Google Play Store, based on the number of app installations.
  • Over a third of analysed apps wanted to use an Android device's camera.
  • A third of the most popular Android apps want to keep track of a user's location.
  • One in in five want to record a user's phone conversations.
  • Almost one in ten of the most popular Android apps on the Google Play Store requested permissions to make direct calls to a user's phone contacts.
The app categories in which the most intrusive permissions were requested are communication, lifestyle, maps and navigation apps

Why do they do it?

The answer is simple: in-app advertising and data monetisation.
  • To display ads inside an app, you need to garner data about your users. Business interested in selling services to different user demographics will buy the data.
  • Developers make use of third-party intermediaries to facilitate mobile advertising services. They do this by embedding codes that allow them to collect data about users businesses can display targeted advertisements.
  • Developers are not obliged by app stores to disclose their use of third-party advertising and tracking services so users are largely unaware of what’s going on.
  • Even apps that are truly ad-free track users for other purposes such as analytics and crash reporting.
Taking back control

There is a limit to what you can do to escape the digital surveillance dragnet, however, there are some simple steps you can take that can reduce the data that is sent from your phone without your knowledge.
  • Minimise your use of free apps and where possible take advantage of paid-for alternatives. The reality is if you are not paying for a product, then you are most likely the product because you are generating data.
  • Some of the data collected is necessary for an app to function properly. A flashlight app, for example, cannot function without access to the camera flash. But a flashlight app needs access to the flash and nothing else. Therefore, any permission that is not essential to the functioning of the app should be considered excessive.
  • If you're going to get on a public Wi-Fi network use a VPN that doesn’t collect your data. It can shield you from others trying to gain access to your phone.
  • Go to the settings on your phone and check the privacy settings. Turn off location settings if you don’t want to be physically tracked.
  • Search for the My Activity function on your phone. Depending on the operating system version it can usually be found in Manage your Google Account, Data & personalization, Activity and timeline and then My Activity. You can then turn of various ‘activities’ and delete ‘histories.’ ‘Activities’ generate and send data as do ‘histories’ enabling those who are interested to see what you are doing and what you interests are.