For the most part, the Google Play Store does a pretty good job of keeping out malware disguised as apps. However, this doesn’t mean that every app on the Play Store is legitimate: Google only recently got around to purging the Play Store of apps that were taking part in an ad fraud scheme.
According to a report from Sophos, about two dozen Android apps were removed from the Play Store, with downloads collectively amounting to about 2 million. These apps were found to be taking part in an ad fraud scheme: they were disguised as games and functional utilities, but also had download capabilities that allowed them to secretly connect to servers and retrieve other files.
Sophos claims that these apps directed the malware to send ad requests that pretended to originate from a variety of apps, and loaded those ads in a hidden browser window. As a result, the user has no idea that an ad is being run, unless they start paying attention to how much data their device is using and how much battery is being consumed.
The report claims that some of these apps had been on the Play Store for at least a year, meaning that they had been running rampant without Google’s knowledge, at least until now.