Remove This New Batch of Crappy Android Adware Apps From Your Device

While I bet you probably have n’t downloaded adware from the Google Play Store lately, a new ESET report shows that various Android users have downloaded 42 different Android apps with adware for a total of over eight million times. So, just in case, here’s what’s going on – and a list of all 42 apps you should uninstall from your phone if you’re dragged into installing one.

According to ESET, these apps, some of which have been active in the Google Play store since July 2018, appeared to be regular apps at first glance. Unlike the previous adware apps we’ve reported that try to trick you into thinking something is wrong with your device, these apps all “work.”

I put it in quotation marks because their main purpose is not to help you keep track of how much water you drink, or to let you make neat ringtones. These apps may have basic functionality, but they all start communicating with a command and control server when you launch them, which configures app attack patterns to match your device (and other apps you’ve installed on it, like Facebook Messenger) … Once they receive their orders, apps use a number of creative tricks to attach themselves to your device and display annoying full-screen ads. As ESET describes:

First, the malicious application tries to determine if it is being scanned by the Google Play security mechanism. To do this, the application receives from the C&C server the isGoogleIp flag, which indicates whether the IP address of the affected device falls within the range of known IP addresses for Google servers. If the server returns this flag as positive, the application does not launch the adware payload.

Secondly, the application can set an individual delay between showing ads. The samples we saw were configured to delay the first ad for 24 minutes after the device was unlocked. This delay means that a typical testing procedure that takes less than 10 minutes will not detect any unwanted behavior. In addition, the longer the delay, the lower the risk of the user associating unwanted ads with a particular application.

Third, based on the server response, the application can also hide its icon and create a shortcut instead. If a regular user tries to get rid of a malicious application, most likely only the shortcut is removed. The application then continues to run in the background without the user’s knowledge. This stealth method is gaining popularity among adware threats distributed through Google Play.


If you have any of the following apps installed on your device, tap Settings> Apps & notifications> See all [#] apps , tap the problematic apps in question and remove them from your device. (Depending on your Android device, the path to this screen may differ.) Do not remove apps from the launcher by simply dragging and dropping them, as you can only remove the shortcut for the specified app (if you are not paying attention).

Luckily, while the aforementioned adware is annoying , it is unlikely to harm your device other than draining your battery and potentially sending data about you to something or someone you don’t know anything about. These apps won’t steal your passwords, but they’ll piss you off – and for that they don’t deserve space on your phone. Google has removed them from the Play Store as well, but that doesn’t mean they are automatically removed from your phone.

As always, the best way to avoid these kinds of applications is to first consider whether you really need the application. Is there a better alternative? More importantly, is there an alternative that has already been downloaded by a lot of people, verified by third-party sources, or has a long history of great reviews? Choose these apps over these oddly named disposable apps with suspicious descriptions and reviews, and chances are good that you will avoid most adware programs on your device.


Leave a Reply