Skip to main content

Android adware had nearly 150 million Google Play downloads before being pulled

Android adware had nearly 150 million Google Play downloads before being pulled

Share this story

Illustration by Alex Castro / The Verge

More than 200 apps in the Google Play Store had malicious advertising code that could cause a phone to display ads outside the app, direct users to websites and app store links, and even download new apps, according to the security firm Check Point.

Check Point says it reported the malicious apps to Google, which confirmed it has removed them from the store. Those apps had amassed nearly 150 million downloads before being removed, according to Play Store statistics.

Bad apps keep getting into the Play Store

The malicious code made it into the apps by posing as legitimate advertising software. Developers would use it thinking the code would display ads properly — albeit, frequently, Check Point notes — inside their apps. In reality, it did much more. That allowed the adware to spread widely, hidden inside a variety of different apps and games in the Play Store.

Quite a few of the most popular apps infected with the adware were simulator games, including Snow Heavy Excavator Simulator, Real Tractor Farming Simulator, Heavy Mountain Bus Simulator 2018, Hummer taxi limo simulator, Excavator Wrecking Ball Demolition Simulator, and Sea Animals Truck Transport Simulator. (These names are all hilarious, and I could list a dozen more.) Check Point named the adware SimBad in reference to the glut of infected simulators.

Google reviews apps before they enter the Play Store, but its process has never been as strict or thorough as Apple’s review process for the App Store. That’s shown over the last couple years as more and more stories have come out about Google having to pull hundreds of apps due to the presence of troubling code: some displayed pornographic ads and tried to get users to download more apps, while others abused app permissions, and some even hijacked devices and used them for a distributed denial-of-service attack.

Last year, Google said it had made “significant improvements” in its ability to detect problematic apps and that it was able to remove 99 percent of them before they had ever been installed. But bad apps keep making it through, and the presence of SimBad is the latest evidence that Google still has work to do on improving its Play Store screenings and keeping Android users safe from malicious apps.

Update March 13th, 1:48PM ET: Updated to note that a Google spokesperson says the malicious apps have been removed.