Google Struggles to Keep Malicious Apps Out of the Play Store
Google has once again been forced to clean up its Play Store after multiple security threats were discovered lurking within seemingly legitimate apps. The latest removals include a wave of ad fraud schemes, a dangerous banking trojan known as Anatsa, and most recently, the highly sophisticated KoSpy spyware. While Google claims to have strict security measures in place, these repeated incidents suggest otherwise. Malicious apps continue to find their way onto users’ devices, raising concerns about how well the Play Store is protecting Android users.
KoSpy Spyware: A Hidden Threat Stealing Personal Data
The latest malware, KoSpy, was uncovered by cybersecurity firm Lookout and has been linked to the North Korean hacking group APT37, also known as ScarCruft. The spyware is capable of stealing a vast amount of personal information, including text messages, call logs, GPS locations, files, audio recordings, and even screenshots. This discovery has sparked serious concerns, as the attack appears to be part of a coordinated cyber espionage campaign.
KoSpy is not the only threat. Another North Korean group, APT43 (Kimsuky), has been found to share infrastructure with APT37, indicating a broader state-sponsored hacking operation. These groups target users in multiple countries, further increasing the risk for unsuspecting victims.
Fake Utility Apps Disguising Malware
KoSpy has been spreading through fake apps disguised as useful utilities. Some of the fraudulent apps identified include “휴대폰 관리자 (Phone Manager),” “File Manager,” “스마트 관리자 (Smart Manager),” “카카오 보안 (Kakao Security),” and “Software Update Utility.” These apps were previously available on the Play Store, but Google has since removed them. However, they can still be found on third-party platforms, which makes sideloading particularly risky.
Cybersecurity experts warn that these apps are designed to trick users into granting them excessive permissions. Once installed, they silently collect and transmit sensitive data without the user’s knowledge. Those who have downloaded any of the listed apps should delete them immediately to prevent further exposure.
The Hidden Dangers of Sideloading Apps
While downloading apps outside of the Play Store is sometimes necessary, it significantly increases the risk of installing malware. Cybercriminals take advantage of this by distributing fake apps through unofficial websites, often mimicking popular tools to deceive users. Many of these apps request extensive permissions that allow them to monitor calls, messages, and even real-time locations.
A recent study by University College London (UCL) highlights the dangers of sideloading. The research compared official parental control apps available in the Play Store with sideloaded alternatives from third-party sources. The results were alarming. Many sideloaded apps deliberately hid their presence from users and required permissions far beyond what was necessary. Even more concerning, 17 out of 20 of these apps instructed users to disable Google Play Protect, Google’s built-in security feature, making devices even more vulnerable.
Testing revealed that while Google Play Protect was able to detect 13 of these malicious apps, seven remained undetected. These included apps like Bark, EvaSpy, FlexiSpy, Spapp Monitoring, SPYX, TheOneSpy, and TiSpy. This raises questions about whether Google’s security system is robust enough to keep up with evolving threats.
Google’s Response and the Future of Android Security
Following Lookout’s report, Google confirmed that it had removed all newly identified malware-infected apps from the Play Store. The company reassured users that Play Protect continues to scan devices for known threats, even for apps installed from outside the Play Store. However, its effectiveness depends on users keeping the feature enabled at all times.
Google is also updating Play Protect, making it easier for users to temporarily disable security measures to facilitate sideloading. While this gives users more flexibility, it also introduces additional risks. Cybersecurity experts warn that pausing Play Protect while installing third-party apps is like driving without a seatbelt—it leaves devices exposed to malware.
Adding to the complexity, regulatory pressures on Google and Apple are forcing both companies to open their platforms to third-party app stores. While this move increases competition, it also means more security risks. If Google already struggles to keep the Play Store free of malware, expanding access to multiple app sources could create even bigger challenges.
How Users Can Stay Safe Amid Increasing Threats
While Google is working to strengthen security, users must take an active role in protecting their devices. The first step is to ensure Play Protect is always enabled, as it helps detect and block known threats. It is also essential to avoid sideloading apps unless absolutely necessary, as many third-party sources lack proper security measures. Users should always review app permissions before installation. If an app requests excessive access to personal data, it is best to avoid it.
Keeping devices updated is another key defense. Android’s latest security updates often include patches for newly discovered vulnerabilities, reducing the risk of malware infections. If an app seems suspicious or was installed outside the Play Store, it should be deleted immediately.
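An added example, not from the original article: one way to review which apps came from outside the Play Store and what sensitive data they request, assuming the output of `adb shell pm list packages -3 -i` and `adb shell dumpsys package <name>` has been saved as text. The sample output, package names and the permission-to-data mapping below are constructed for illustration.

```python
import re
PLAY_STORE = "com.android.vending"  # installer name of the Play Store client
# Permissions covering data types the article lists (mapping is an assumption).
SENSITIVE = {
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
    "android.permission.RECORD_AUDIO": "audio recording",
}

def parse_installers(listing):
    """Map package -> installer from `pm list packages -3 -i` output."""
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)$", listing, re.M))

def requested_permissions(dump):
    """Names in the 'requested permissions:' block of `dumpsys package`."""
    perms, in_block = set(), False
    for line in dump.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            in_block = True
        elif in_block and s.endswith(":"):
            break  # next section header, e.g. "install permissions:"
        elif in_block and s:
            perms.add(s.split(":")[0])  # drop suffixes like ": restricted=true"
    return perms

def triage(listing, dumps):
    """Non-Play packages with the sensitive data each requests, worst first."""
    found = []
    for pkg, installer in parse_installers(listing).items():
        if installer != PLAY_STORE:
            perms = requested_permissions(dumps.get(pkg, ""))
            reach = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
            found.append((pkg, installer, reach))
    return sorted(found, key=lambda f: -len(f[2]))

# Constructed sample output; package names are hypothetical.
LISTING = """package:com.example.notes  installer=com.android.vending
package:com.example.wallpaper  installer=com.example.otherstore
package:com.example.phonemanager  installer=null
"""
DUMPS = {"com.example.phonemanager": """    requested permissions:
      android.permission.INTERNET
      android.permission.READ_SMS: restricted=true
      android.permission.READ_CALL_LOG: restricted=true
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
"""}
if __name__ == "__main__":
    print(triage(LISTING, DUMPS))
```

An installer of `null` or any store other than `com.android.vending` only means the app did not come through the Play Store; the requested permissions are what indicate how much data it could reach.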
The Play Store’s Growing Security Concerns
Despite Google’s efforts to remove malicious apps, the problem persists. Cybercriminals are becoming increasingly sophisticated, finding new ways to bypass Play Store defenses. The discovery of KoSpy spyware is just the latest example of how malware continues to infiltrate Android devices.
As Google prepares for the launch of Android 15 with One UI 7 and the anticipated early release of Android 16, security will be a major focus. One of the upcoming features includes an expansion of the Advanced Protection Program, which could prevent sideloading on devices enrolled in higher security settings. This move signals Google’s intent to crack down on malware distribution, but it remains to be seen how effective these measures will be.
For now, users must remain vigilant. The growing number of threats makes it clear that relying solely on Google’s security is not enough. By staying informed and cautious about app downloads, users can better protect their data from cybercriminals exploiting loopholes in the Play Store.