New Google Android Threat: Malicious App Installed By 40 Million Play Store Users

Google Play Store app is seen on an android mobile phone

Google Android users have been put at risk again, after it emerged a keyboard app called ai.type previously available on the Play Store has been making millions of unauthorized purchases of premium digital content. The Android app has been downloaded more than 40 million times, according to researchers at Upstream.

Hiding in plain sight by masking its activity to spoof apps such as Soundcloud, the rogue Google Android app delivers millions of invisible ads and fake clicks, passing on user data about real views, clicks and purchases to ad networks.

Ai.type is a customizable on-screen keyboard app developed by Israeli firm ai.type LTD, which describes the app as a “free emoji keyboard.”

But in the background, without your knowledge, the Android app turns your device into “one of the many bots of the network controlled by fraudsters to commit ad fraud,” says Guy Krief, CEO of Upstream.

The app was deleted from the Google Play Store in June, but it remains on millions of Android devices and is still available from other third-party marketplaces. There was a spike in its suspicious activity once removed, the Upstream researchers say.

Specifically, Upstream says its Secure-D platform has detected and blocked more than 14 million suspicious transaction requests from 110,000 unique devices that downloaded the ai.type keyboard.

There is currently a free version of ai.type in the Google Play Store, which was added in October. Upstream’s researchers say they have not detected any suspicious activity coming from the newer app. The premium app is not affected.

It’s one of many rogue Android apps reported in recent weeks. Only last week, researchers at ESET discovered a year-long campaign that saw 8 million installs of adware delivered through 42 apps.

It came after ESET researcher Lukas Stefanko published his report detailing the 300 million malicious Android app reports during the month of September.

Other recent rogue apps plaguing Android users include spyware and adware.

The Google Android app threat: What to do 

I contacted Google, who confirmed that the app had been removed from Google Play. However, Upstream advises anyone who has downloaded ai.type to check their phones for unusual behavior. This can include issues such as the battery depleting faster than usual, your device overheating, your data plan depleting or charges for premium digital services that you haven’t purchased. If you spot any of these indicators, it’s likely you have become a victim.

If you have already downloaded the app, you should delete it now, says Krief.

In general, Android users need to be more proactive about their security than those who use Apple’s iPhone. In order to be as safe as possible, Krief advises to only download apps from Google’s Play Store.

Meanwhile, read users’ reviews of apps–and not only the most recent ones. “Do a quick online search about the app and its developer,” he says.

You should also have active and updated anti-virus running on your device.

It seems that malicious Android apps are popping up more than ever. Recently, a lot of experts have been commenting that the Google Play Store is getting out of hand. “It is hard to keep statistics, but we are seeing an increasing number of apps available in the Play store being exposed for fraudulent activity,” Krief says.

He warns: “We are also seeing developers re-publishing apps that were caught for fraudulent behaviour, under the same name, or under a different app name.”

So it goes without saying, if you use Android, you need to take steps to secure your device–and be careful about what you download as well as the permissions you allow your apps.