Home > Tech

17 Android Apps Caught Hiding and Displaying Aggressive Ads

Bitdefender found the apps used a number of different techniques to dodge Google Play's vetting system

By Matthew Humphries for PCMag on January 15, 2020

17 Android Apps Caught Hiding and Displaying Aggressive Ads

Not a great look for Android Credit: PC Mag

PCMag.com is a leading authority on technology, delivering Labs-based, independent reviews of the latest products and services. Our expert industry analysis and practical solutions help you make better buying decisions and get more from technology.

We all rely on Apple and Google to keep malicious software out of its app stores, but the vetting system Google uses for Android apps is in desperate need of review. 17 vetted and popular apps have been hiding their presence on devices and showing aggressive ads to users.

The apps in question are listed below and in total have been downloaded over 550,000 times:

Car Racing 2019
4K Wallpaper (Background 4K Full HD)
Backgrounds 4K HD
QR Code Reader & Barcode Scanner Pro
File Manager Pro - Manager SD Card/Explorer
VMOWO City: Speed Racing 3D
Barcode Scanner
Screen Stream Mirroring
QR Code - Scan & Read a Barcode
Period Tracker - Cycle Ovulation Women's
QR & Barcode Scan Reader
Wallpapers 4K, Backgrounds HD
Transfer Data Smart
Explorer File Manager
Today Weather Radar
Mobnet.io: Big Fish Frenzy
Clock LED

As Bitdefender reports, none of the apps are classed as malware, but the best way to summarize what they are doing is as "riskware."

Mashable Light Speed

Want more out-of-this world tech, space and science stories?

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

You May Also Like

Each app uses a number of techniques to bypass Google's vetting system to ensure they make it on to the Play Store. These techniques include, "waiting 48 hours before hiding their presence on the device, splitting the app's code into multiple resource files, and holding off displaying ads until 4 hours after app installation."

Ads are then displayed regularly, but randomly, so it's very hard to spot a pattern. A job scheduling system is used to decide when to potentially show a new ad. This can be triggered when a user is in the app and pressing buttons, or outside the app when, for example, the device is unlocked.

Tricking Google into thinking the apps aren't malicious seems to be an exercise in presenting themselves as "average." The right files form part of the apps and the long delay before ads are shown combined with the randomness of them being triggered seems to be enough to fool the vetting system. Some reviews from users have flagged these apps as adware, but they remained live on the Play Store regardless.

Bitdefender has reported all 17 apps to Google and they are being removed from the store.

Topics Android