Google Play is fighting an uphill battle against Android adware | Ars … – Ars Technica UK




Google’s official Play marketplace is waging an uphill battle against Android apps that display an unending stream of popup ads even when users try to force them to stop, researchers said Friday.

The researchers, from UK-based SophosLabs, said they have found a total of 47 apps in the past week that collectively have racked up as many as 6 million downloads. They all use a third-party library that bombards users with ads that continue to display even after users force-close the app or scrub memory. In a blog post, SophosLabs said Google has removed some of the privately reported apps while allowing others to remain.

The MarsDae library that’s spawning the popup torrent supports Android versions 2.3 through 6, as well as Samsung, Huawei, Mizu, Mi, and Nexus devices. One app that incorporates MarsDae, SophosLabs said, is Snap Pic Collage Color Splash, which remained available on Google servers as this post was being prepared. Snap Pic has been downloaded from 50,000 to 100,000 times. Once installed, it displays ads on the Android home screen. Even after a user uses the Android settings to force close the app, the ads resume a few seconds later.

According to Sophos, the MarsDae library takes the following steps to keep ads appearing on devices running Android versions 5 and 6:

  1. It runs code that kicks off a number of processes.
  2. It creates a file, then locks it.
  3. Each process creates another file. For example, Process A creates a2 and repeatedly checks if Process B has created file b2, and vice versa.
  4. If Process A finds file b2, it means Process B has started and locked file b1. Process A can delete file b2. Process B will do the same thing for file a2.
  5. Process A keeps monitoring the lock status of file b1 while Process B monitors file a1. If any file is unlocked, it means the related process is dead. Then another process can restart it again.
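From the defender's side, the cross-monitoring in step 5 leaves a recognizable shape: two processes of the same app, each holding a lock that the other keeps testing. The following is an added example, not code from SophosLabs or the original article. It flags that shape in a constructed trace; the trace format, the operation names (`LOCK`, `TESTLOCK`, `CREATE`, `DELETE`) and the `com.example.*` package names are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed trace in a hypothetical "<pid> <package> <op> <path>" format
# (not output of any real tool); package names are placeholders.
SAMPLE_TRACE = """\
4101 com.example.collage LOCK /data/data/com.example.collage/files/a1
4102 com.example.collage LOCK /data/data/com.example.collage/files/b1
4101 com.example.collage CREATE /data/data/com.example.collage/files/a2
4102 com.example.collage CREATE /data/data/com.example.collage/files/b2
4101 com.example.collage TESTLOCK /data/data/com.example.collage/files/b1
4102 com.example.collage TESTLOCK /data/data/com.example.collage/files/a1
5200 com.example.notes LOCK /data/data/com.example.notes/files/db.lock
5200 com.example.notes TESTLOCK /data/data/com.example.notes/files/db.lock
5301 com.example.sync LOCK /data/data/com.example.sync/files/job.lock
5302 com.example.sync TESTLOCK /data/data/com.example.sync/files/job.lock
"""

LINE = re.compile(r"^(\d+)\s+(\S+)\s+(LOCK|TESTLOCK|CREATE|DELETE)\s+(\S+)$")

def find_mutual_watchdogs(trace):
    """Return (package, pid_a, pid_b) where each process polls a lock the other holds."""
    holder = {}               # path -> (package, pid) holding the lock
    polls = defaultdict(set)  # (package, pid) -> paths whose lock state it tests
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue          # skip malformed lines
        pid, pkg, op, path = int(m[1]), m[2], m[3], m[4]
        if op == "LOCK":
            holder[path] = (pkg, pid)
        elif op == "TESTLOCK":
            polls[(pkg, pid)].add(path)
    watches = defaultdict(set)  # process -> same-package processes it monitors
    for proc, paths in polls.items():
        for path in paths:
            owner = holder.get(path)
            if owner and owner != proc and owner[0] == proc[0]:
                watches[proc].add(owner)
    hits = set()
    for a, targets in watches.items():
        for b in targets:
            if a in watches.get(b, ()):  # b monitors a as well: mutual pair
                hits.add((a[0], *sorted((a[1], b[1]))))
    return sorted(hits)

if __name__ == "__main__":
    for pkg, a, b in find_mutual_watchdogs(SAMPLE_TRACE):
        print(f"{pkg}: pids {a} and {b} monitor each other's lock files")
```

A process that tests its own lock, or a one-way watcher such as the `com.example.sync` pair in the sample, is not reported; only the two-way pattern is.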

A full list of apps using the library includes:


Google officials didn’t immediately provide Ars with a comment on Friday’s report. This post will be updated if they get back to us later.

This post originated on Ars Technica





