A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads

Smartphone apps raked in ~$500,000, in part thanks to shilling on TikTok and Instagram.

Screenshot of App Store icon.

Researchers said that a tip from a child led them to discover aggressive adware and exorbitant prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play.


Posing as apps for entertainment, wallpaper images, or music downloads, some of the titles served intrusive ads even when an app wasn’t active. To prevent users from uninstalling them, the apps hid their icon, making it hard to identify where the ads were coming from. Other apps charged from $2 to $10 and generated revenue of more than $500,000, according to estimates from SensorTower, a smartphone-app intelligence service.


The apps came to light after a girl found a profile on TikTok that was promoting what appeared to be an abusive app and reported it to Be Safe Online, a project in the Czech Republic that educates children about online safety. Acting on the tip, researchers from security firm Avast found 11 apps, for devices running both iOS and Android, that were engaged in similar scams.


Many of the apps were promoted by one of three TikTok users, one of whom had more than 300,000 followers. A user on Instagram was also promoting the apps.


“We thank the young girl who reported the TikTok profile to us,” Avast threat analyst Jakub Vávra said in a statement. “Her awareness and responsible action is the kind of commitment we should all show to make the cyberworld a safer place.”


The apps, Avast said, made misleading claims concerning app functionalities, served ads outside of the app, or hid the original app icon shortly after the app was installed—all in violation of the app markets’ terms of service. The links promoted on TikTok and Instagram led to either the iOS or Android versions of the apps depending on the device that accessed a given link.

Targeting “younger kids”

“It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them,” Vávra added.


Avast said it privately notified Apple and Google of the apps’ behaviors. Avast also alerted both TikTok and Instagram to the shill accounts doing the promotions.


A Google spokesman said the company has removed the apps, and Web searches appeared to confirm this. Several of the apps for iOS appeared to still be available in the App Store as this post was being prepared. Representatives from Apple and TikTok didn’t immediately have a comment for this post. Representatives with Facebook, which owns Instagram, didn't respond to a request to comment.


Android users by now are well-acquainted with the Play Store serving apps that are either outright malicious or that perform unethical actions such as delivering a flood of ads, often with no easy way to curtail the deluge. Abusive apps from the App Store, by contrast, come to light much less often—not that such iOS apps are never encountered.


Last month, researchers discovered more than 1,200 iPhone and iPad apps that were snooping on URL requests users made within an app. This violates the App Store’s terms of service. Using a software developer kit for serving ads, the apps also forged click notifications to give the false appearance that an ad viewed by the user came from an ad network controlled by the app, even when that wasn’t the case. The behavior allowed the SDK developers to steal revenue that should have gone to other ad networks.


People considering installing an app should spend a few minutes reading ratings, reviewing prices, and checking permissions. In the case of the apps found by Avast, the average rating ranged from 1.3 to 3.0.


“This all is bad don’t buy,” an iOS user wrote in one review. “I accidentally bought it. 8 dollars wasted and it doesn’t work.”




You'll find this sort of deception day in and out when you allow anyone to sell their "work" to you. If earning money wasn't like the wild west, none of this would happen because there wouldn't be a market for it.

As it stands people can buy and pay for anything and that runs counter-intuitive to providing good life experiences for much of Humanity as those who have trouble earning income by regular methods seek to deceive and steal to attain the life not afforded to them without first pulling up their bootstraps and foregoing avocado toast.

Edited by Ryrynz