The Google Play Store is believed to be the safest place of downloading Android apps.
This is because Google assures its users that before these apps are uploaded to the store; they must undergo a thorough security check up by the Google team in order to certify them as safe for use on all Android devices.
The Google Play Store has more than 1.3 million apps. This enormous number of apps is as a result of the fact that this store is open source, which means that any developer can add or remove their apps from the store as long as Google certifies them. Even though this might be a surprising thing for the thousands of developers who make money from this store on a monthly basis, the fact that the Google Play Store is open source also makes it attractive to hackers and other malicious programmers.
Google recently removed a malicious Android app from the Play Store
When malicious users want to enter the store, they will disguise their apps as legitimate applications, and once they are in the store and on your phone, they can do anything the developer intends them to do. Just recently, there was a report by the BBC that Google had to deal with an app that had disguised itself as legit.
According to the report, the app was known as BatteryBot Pro, and it was used for tracking and monitoring the power usage of Android devices. Reports say that the fake version of this app had the ability to send text messages on behalf of the user. Furthermore, when any attempt to delete it from the phone was made, the app resisted.
App spoofing is becoming a common trend among malicious developers as they only insert a malicious module into an app that is already accepted in the Play Store. This method has even become more common that the usual building of malicious apps from scratch and for sure, it will pose a huge threat to the open-source nature of the Android OS. Google was quick to note this issue, and as you read this, the app has already been removed from the store.
How to spot a malicious app in the Google Play Store
One major way you can use to identify a fake or malicious app on the Google Play Store is to take a keen note of the permissions the app asks for when downloading and installing it from the Play Store. According to the report revealed on BatteryBot Pro, the app asked for minimum permissions during installation but once it was installed, there were more demands on it with respect to administrative access. This is very clear that the developer of the app has other intentions of taking full control of the device installed with the malicious app.