Apps with 440 million installs eluded Google Play Protect to make Android phones unusable (UDPATE)

Apps with 440 million installs eluded Google Play Protect to make Android phones unusable (UDPATE)
* UPDATE: CooTek, makers of the popular TouchPal keyboard, contacted us to explain that the issue with the rogue ad plug-in has been sorted out. Actually, it is stated that the problem has been resolved months ago, before it was even made public. Currently, no CooTek apps are said to experience the issue.


According to Ars Technica, adware named BeiTaAd was hidden in 238 apps found in the Google Play Store. The apps, which had more than 440 million installs, played ads to help the hackers collect revenue. And with the hundreds of millions of screens at their disposal, the scheme certainly paid off handsomely for those behind it.

Part of the problem is that Android users installing one of the infected apps might not have noticed anything untoward in their behavior for a period of 24 hours to as long as two weeks. Once the adware kicked in, the BeiTaAd plugin started to deliver what is known as out-of-app-ads. These appear on lock screens, not inside an app (hence the name) and run audio and video at haphazard times.

A post in the Android Forum from November was written by someone with a friend using the Samsung Galaxy S8 on AT&T. The post noted that this person had the BeiTaAd plugin on her phone and couldn't remove it. Another post was made by a gentleman whose wife also had the BeiTaAd plugin installed on her handset, running ads at random times. The malware, said the husband, made his wife's phone "unusable."


Mobile security firm Lookout noted that those behind the 238 malicious apps went to great lengths to hide the presence of the plugin. All of the apps involved were published by a Chinese-based company called CooTek and all CooTek apps contained the plugin. Lookout reported the names of the 238 apps to Google, and the latter removed all of them from the Google Play Store. Since this scheme had been running for months, we wonder how these malware filled apps managed to elude detection from Google's Play Protect system.

FEATURED VIDEO

33 Comments

1. Dbosss

Posts: 24; Member since: Mar 18, 2019

No matter how many verisons of android comes, privacy is still s**ttier in android! Who knows google themself allowed it having some shares with them!

15. TheOracle1

Posts: 2151; Member since: May 04, 2015

Isn't this similar to the Apple article from a few days ago?

16. ChicagoBorn

Posts: 91; Member since: Jan 24, 2018

Sorry I’ve never had a AD pop up on my iPhone lock screen or home screen

18. blingblingthing

Posts: 919; Member since: Oct 23, 2012

What about the push notification promoting new iPhones from Apple? Is that not an ad for the person receiving it?

29. TheOracle1

Posts: 2151; Member since: May 04, 2015

Get a dictionary and look up the word similar.

2. djcody

Posts: 226; Member since: Apr 17, 2013

So the app has 440 million installation and no name. Strange. Some stories like that with no clear information just bogus. Ehh next

4. djcody

Posts: 226; Member since: Apr 17, 2013

Just checked ars technica and oh boy Google I hope you pay for it big time

3. cjreyes666

Posts: 81; Member since: Oct 23, 2012

So what is the list of the 238 apps?

6. Dr.Phil

Posts: 2314; Member since: Feb 14, 2011

There’s no need for a list. All of the apps were published by CooTek. So if you have that show up on any of your apps as a publisher you need to delete it.

5. iloveapps

Posts: 724; Member since: Mar 21, 2019

And problems that exist in android doesn’t even care by google nor android manufacturers. Just like this comment section, they wouldn’t bother to come and comment here because they knew that from the start they bought android cheap products, they are the product.

19. blingblingthing

Posts: 919; Member since: Oct 23, 2012

Did Apple comment on the WSJ article in the comment section here?

22. MrMalignance

Posts: 213; Member since: Feb 17, 2013

@iloveapps: There are plenty of Android owners leaving comments. This is a site where consumers make comments, not companies. You really should stop talking trash in every single article. You aren't a good troll

24. sissy246

Posts: 7035; Member since: Mar 04, 2015

He has no life other then here obviously. He is also know as peaceboy and loves to talk trash.

31. oldskool50

Posts: 962; Member since: Mar 29, 2019

If I had a dollar for everytime you said something stupid, I would be the richest man in the world. You are a certifiably crazy dude. Why are you even alive?

7. obedchuni

Posts: 328; Member since: Jun 16, 2014

Ditto happened with my friend

8. Tsepz_GP

Posts: 1157; Member since: Apr 12, 2012

Wow, this is bad, makes you wonder how many more like this exist if CooTek were able to get away with this for months.

9. zCrownn

Posts: 1; Member since: Jun 05, 2019

I know how bad those are. I work with cricket wireless , all those android phone, after activation whenever we connect with wifi, around 12 to 16 apps installed automatically. Those are very bad apps, showing ads on home screen. Some of the apps install other app by itself, made phone almost unusable. But poor customer have no idea why this happens. Its really a bad practice both for carrier, also google itself. Look at apple, how secure and highly treat there customer.

20. blingblingthing

Posts: 919; Member since: Oct 23, 2012

If you're buying some highly subsidized smartphone and the carrier loads it with bloat, that's a choice the buyer is agreeing to. Get an unlocked phone to avoid the bloat.

23. MrMalignance

Posts: 213; Member since: Feb 17, 2013

@zCrownn: I'm having a hard time believing your story. I know that throughout my time buying phones I've seen tons of preinstalled bloatware, but never adware on a new device. I just don't believe that it could be so bad as to make a brand new device unusable. Perhaps you meant they activated the device they are trying to port to cricket?

25. sissy246

Posts: 7035; Member since: Mar 04, 2015

Agree Especially this part. "Look at apple, how secure and highly treat there customer" Apple was just caught letting apps in that gets your information. But he is right, this is not a good thing and Google needs to fix it. I have very few apps down loaded and have not had this problem.

10. adecvat

Posts: 630; Member since: Nov 15, 2013

Oh, that android

11. adeelzsoomro

Posts: 27; Member since: Jan 07, 2019

Choose an iPhone and your problem will be solved Android is the worst OS in the planet It’s better to use a feature phone instead of an android

26. sissy246

Posts: 7035; Member since: Mar 04, 2015

LMFAO Just a article the other day about apple and apps, maybe you need to read it.

12. Cicero

Posts: 1108; Member since: Jan 22, 2014

Those chinese developers and spammers. Every day I have dozen of spam emails from them. And all comes from a server with @126.com. They are just shot in wind. Do I trust chinese business model done in this regard?

13. iloveapps

Posts: 724; Member since: Mar 21, 2019

CDMACOS, SISSY and OLDSCHOOL were on vacation. Gonna comment again once apple news comes in.

14. cmdacos

Posts: 3973; Member since: Nov 01, 2016

Xcodeghost and countless other more recent adware and malware issues on iOS make your argument pointless. Apple is only secure if you don't use any 3rd party apps and as long as you don't connect to a network. Enjoy

27. sissy246

Posts: 7035; Member since: Mar 04, 2015

No, we just have a life unlike you.

17. Ichimoku

Posts: 145; Member since: Nov 18, 2018

be careful when you're using an Android phone. extremely smart pesky developers will always find a way to mess up with your phone.

21. blingblingthing

Posts: 919; Member since: Oct 23, 2012

No need to be careful with an iPhone right? Because the WSJ made up the report about trackers or multiple trackers in 79/80 apps they tested.

28. sissy246

Posts: 7035; Member since: Mar 04, 2015

Yep, exactly

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.