Translated by

Google Play Store


The name of the base system (platform): Android
Developers: Google
Date of the premiere of the system: 2012
Last Release Date: 2020/06/26
Branches: Internet services
Technology: Office applications,  Tablet computers and smartphones,  Development tools of applications



The vice president of Telegram Perekopsky Ilya compared Apple and Google to the Golden Horde

{{quote|"Such here analogy: it turns out that there was a rate of the Golden Horde earlier and all brought a tribute to Tatarstan. And now there is such rate somewhere in San Francisco near Zolotogo (most Zolotye Vorota) Bridge, and all bring a tribute there.

And it seems to us that it is such fundamental thing which strongly constrains development of the IT-industry in general in the world, and especially at us because all this army of talented youth is concentrated somewhere in this region" — he told in July, 2020 at Mikhail Mishustin's meeting with representatives of the IT industry in Kazan.} }

Avast: the trojan of HiddenAds occurs in Google Play Store in 47 applications imitating games

On June 26, 2020 it became known that Avast, the company in the field of a digital security and solutions of protection, detected in Google Play Store 47 of the applications games which are a part of family of trojans of HiddenAds.

Google Play Store

Specialists of Avast already announced representatives of Google Play Store the found applications, but for June 26, 2020 some applications are still available in Google Play shop. Investigation of Google according to these applications continues. Applications of trojans of the HiddenAds family mask under safe and useful applications – but actually place persuasive advertizing out of applications. In total the found applications were loaded more than 15 million times.

The Avast command could detect this campaign using the software for automatic detection of, based on the previous campaign HiddenAds which is recently found in Google Play Store. Researchers compared actions, functions and network traffic of these applications.

The icons on the infected device can hide the similar applications and busily display advertizing is a key feature of family of trojans of HiddenAds. Seven applications can open the browser on the smartphone for display of additional declarations. Even when the user will delete the application from the device, advertizing all the same will be constantly shown. Low game opportunities and low rating have appendices: users complain of permanent advertizing.

Such campaigns as HiddenAds, can get to official shop Google Play Store, hiding the real destination or slowly implementing harmful functions, being already loaded on the device. It is difficult to prevent such advertizing campaigns as malefactors use one-time accounts of developers for each application, – Yaqub Vavra, the analyst of threats in Avast tells. – Though Google is reliable shop and regularly deletes the malware, users need all the same to save vigilance. When loading applications it is important to look at the devices that there were no strong indications of the bad application – for example, negative reviews, requests for a large number of permissions and many other things.


The 20 most downloaded applications are included below:

  • Draw Color by Number - 1,000,000
  • Skate Board - New - 1,000,000
  • Find Hidden Differences - 1,000,000
  • Shoot Master - 1,000,000
  • Stacking Guys - 1,000,000
  • Disc Go! - 1,000,000
  • Spot Hidden Differences - 500,000
  • Dancing Run - Color Ball Run - 500,000
  • Find 5 Differences - 500,000
  • Joy Woodworker - 500,000
  • Throw Master - 500,000
  • Throw into Space - 500,000
  • Divide it - Cut & Slice Game - 500,000
  • Tony Shoot - NEW - 500,000
  • Assassin Legend - 500,000
  • Flip King - 500,000
  • Save Your Boy - 500,000
  • Assassin Hunter - 2020 500,000
  • Stealing Run - 500,000
  • Fly Skater 2020 - 500,000

Blocking of installation on Android device of the applications loaded not from Google Play

On March 19, 2020 it became known that the Google company began to block installation of applications on mobile Android device if they were loaded not from Google Play shop. It means that users will not be able to download the APK file with a distribution kit of this or that utility from third-party resources any more and to set it independently, passing Google services. Read more here.

The Trojan creating fake responses about applications in Google Play is detected

On January 10, 2020 the Kaspersky Lab company announced detection of the Trojan using which malefactors distribute numerous advertisements and without the knowledge of owners install different applications on their devices and also leave fake comments in Google Play from their name. Read more here.

Removal more than 1700 applications infected with Bread malware

On January 10, 2020 it became known that specialists from the company Google told about the successful operation on fight against harmful SOFTWARE Bread also known as Joker. For the last three years the company deleted more than 1700 applications in Play Store which were infected with different versions of this malware.

Google deleted more than 1700 applications infected with Bread malware

As it was reported while most of operators of malware give up as soon as Google detects their applications, Bread operators continued the activity. More than three years malefactors release every week upgraded versions of the programs.

At some point criminals used almost each technology of masking and a bypass of protection, trying to remain unnoticed. At different times we detected three or more active options of a malware using different approaches or aimed for different carriers. During the peak periods of activity of criminals we saw up to 23 different applications of this family in Google Play in one day.

reported Google in the blog

According to specialists, malefactors actively operated vulnerability in Google Play with the purpose to bypass protection gears. Tactics under the name "versioning" allowed to load the blank application version, and already then to add harmful functions by updating of the program.

Criminals also often used video of YouTube for the direction of users on the malware, trying to infect as much as possible devices. Operators of a malware also used counterfeit reviews for increase in popularity of applications and concealment of negative reviews.

Initial versions of a malware of Bread were focused on fraud using Sms when the infected devices were used for payment of products or services by sending the Sms for paid number.

When Google entered more strict permissions for the Android-applications requiring access to the SMS on the device, criminals replaced tactics and switched to fraud with WAP within which the infected devices were used for connection to payment pages through WAP connection.[1]


About 90% of the Russian popular Android-applications transfer personal data to the third parties

On October 2, 2019 it became known that internet- the edition The Bell using AppCensus service and the platform of audit of privacy of applications Exodus analyzed what data process and transfer popular Android-applications in Russian Google Play Store and also what permissions they request from users. In more detail here.

Avast: 937 applications small lamps abuse access to personal data

On September 10, 2019 it became known that the company Avast found out that applications for small lamps for OS Android request on average 25 permissions for access to different functions and to data smartphones. Using mobile own platform for the analysis of threats of specialists of Avast analyzed 937 applications for small lamps in Google Play Store. Researchers considered as those applications which are still available in Google Play Store, and those which ever appeared in shop. According to results, 408 applications request up to 10 permissions, 267 — from 11 to 49 permissions, and 262 applications request from 50 to 77 permissions.

Applications can really request permissions for data access or to some functions on devices which are necessary for them for work. For example, access to flash of phone is necessary for the application of a small lamp to use it as illumination. However many applications request access to the bigger number of data, than it is really necessary for them.

It is really difficult to explain sense of some permissions requested by applications small lamps which we studied. For example, sound recording which was requested by 77 applications, or the contact list which is for some reason necessary to 180 applications. The most unusual in this list — an opportunity to write contacts: 21 applications small lamps wanted to receive it. Applications small lamps which we considered are only an example of how even the simplest applications can get access to private information. Often not only application developers, but also advertisers with whom they work to monetize these data get access to personal data. Privacy policy for developers, unfortunately, are not exhaustive as in many cases of privacy policy, belonging to the third parties, are closely bound,
speaks Louis Korrons, the IT evangelist in Avast

Top of 10 applications in Google Play which request most of all permissions:
|4 ||Brightest LED Flashlight -- Multi LED & SOS Mode|| 76|| 100,000|8|| Flashlight for Samsung|| 70|| 500,000
Place Name of the application Number of required permissions Number of loadings
1 Ultra Color Flashlight 77 100,000
2 Super Bright Flashlight 77 100,000
3 Flashlight Plus 76 1,000,000
5 Fun Flashlight SOS mode & Multi LED 76 100,000
6 Super Flashlight LED & Morse code 74 1,000,000
7 FlashLight – Brightest Flash Light 71 1,000,000
9 Flashlight - Brightest LED Light &Call Flash 68 1,000,000
10 Free Flashlight – Brightest LED, Call Screen 68 500,000

Not really it is clear, as It should be noted applications which request many permissions — as harmful or only as potentially dangerous. Applications can really ask to give access to the most different functions or data of the smartphone — but it does not mean that the malware.

Besides, the user himself solves, to give access to this or that function or not. Therefore it is extremely important that users carefully checked the permissions requested by the application before its installation. Besides, users should get acquainted attentively with policy and confidentiality terms and also with the user feedback on the page of loading of the application.

Trojan clicker from the directory of Google Play nearly 102 million users installed Android

On August 8, 2019 Dr.Web reported that Trojan clicker from the directory of Google Play nearly 102,000,000 users of Android set. Read more here.

Specialists of Avast detected seven espionage applications in Google Play Store

On July 18, 2019 it became known that researchers from department of a research of threats and protection for the mobile devices Avast detected seven applications which were probably created by the Russian developers in Google Play Store. Applications allow to monitor colleagues and relatives.

Specialists of Avast announced at once applications among which there were Spy Tracker, Employee Work Spy and SMS Tracker, in Google. The company quickly deleted all applications from Google Play Store.

All together these applications were loaded more than 130,000 times. The most large number of installations were the share of Spy Tracker and SMS Tracker — they were set by more than 50,000 times.

All applications require that the person wishing to trace the relatives and colleagues had an access to the device of the victim. The malware needs to be loaded from Google Play Store on the traced device. It will be required to enter the password of the e-mail — on it the application will send the password for access to data retrieveds.

After you installed the first application and configured it, it will load one more program. Then the first application can be deleted — the victim will not see spyware set on its smartphone.

The detected malware could keep track of location of the victim, collect its contacts, SMS and history of calls. On some devices it was possible to get access to messages of WhatsApp and Viber.

Espionage applications allow to define location of the victim

The complete list of the detected espionage applications:

  • Track Employees Check Work Phone Online Spy Free
  • Spy Kids Tracker
  • Phone Cell Tracker
  • Mobile Tracking
  • Spy Tracker
  • SMS Tracker
  • Employee Work Spy

Images of spywares in Google Play Store
Use applications of this kind unethically in relation to people around. Similar programs create big problems for privacy of people, and they should not appear in Google Play Store as they propagandize criminal behavior. Employers, parents or spouses, having obtained private information, can abuse it. Some of these applications position themselves as applications for parent control, but tells their descriptions about another. We classify such applications as stalkerware — espionage. Using the analytical platform we can quickly identify them and transfer this information to Google to delete them,
explains to Nikolaos Hrisaidos, the head of department of a research of threats and protection for the mobile devices Avast

The trojan backdoor masks under software for updating of the OpenGL ES graphical interface

On July 12, 2019 Doctor Web Company reported that it revealed a Trojan backdoor which executes commands of malefactors in Google Play, allows them to manage remotely infected with Android devices and to spy on users.


According to the company, the malware received the name Android.Backdoor.736.origin. It extends under the guise of the OpenGL Plugin application for version check of the OpenGL ES graphical interface and loading of its updates.

At start of Android.Backdoor.736.origin requests access to several important system permissions which will allow it to collect confidential information and to work with the file system. Besides, he tries to get admission to demonstration of screen forms over the interface of other programs.


In a window of the malware there is a button for "check" of updates of the graphical program interface OpenGL ES. After its clicking the Trojan imitates process of search of bnovlenny versions of OpenGL ES, however it does not execute actually any checks and only misleads the user.

After the victim closes an application window, Android.Backdoor.736.origin removes the icon from the list of programs of the menu of the main screen and creates a label for the start. It becomes in order that further it was more difficult to user to delete the Trojan as removal of a label will not affect the malware.

Android.Backdoor.736.origin is constantly active in the background and can be started not only through an icon or a label, but also automatically at start of a system and at the command of malefactors through Firebase Cloud Messaging. The main harmful functionality of the Trojan is located in the supporting file which is ciphered and is kept in the directory with program resources. It is decrypted and loaded into memory at each start of Android.Backdoor.736.origin.

The backdoor keeps in contact with several managing directors of servers from where receives teams of malefactors and where sends collected data. Besides, cybercriminals can manage the Trojan through Firebase Cloud Messaging service.

Android.Backdoor.736.origin is capable to perform the following operations:

  • transfer to the server information on contacts from the telephone directory;
  • transfer to the server information on SMS messages (in the studied version of the Trojan for this purpose there are no necessary permissions);
  • transfer information on telephone calls to the server;
  • transfer information on location of the device to the server;
  • load and start apk-or the dex-file using the class DexClassLoader;
  • transfer to the server of data on the installed programs;
  • download and start the executable file;
  • load the file from the server;
  • send the set file to the server;
  • transfer to the server information on files in the set directory or about files on the memory card;
  • execute Shell command;
  • start the activity set in a command;
  • load and set the Android-application;
  • show the notification set in a command;
  • request the permission set in a command;
  • transfer the list of the permissions provided to the Trojan to the server;
  • not allow the device to pass into sleep mode during preset time.

The Trojan ciphers all data transferred to the server an algorithm of AES. Each request is protected by unique key which is generated taking into account the current time. The same key ciphers the answer of the server.

Android.Backdoor.736.origin is capable to install applications at once in several ways:

  • automatically, if in a system there is a root-access (using Shell command);
  • by means of the system manager of packets (only for the system software);
  • having shown common system dialog of installation of programs where the user should agree to installation.

Thus, this backdoor constitutes serious danger. It not only is engaged in cyber espionage, but also can be used for a phishing since it is capable to show windows and notifications with any contents. Besides, it can load and install any other malware and also execute any code. For example, at the command of malefactors of Android.Backdoor.736.origin can download and start an exploit for receiving root-powers, the field of what will not be required to it participation of the user for installation of other programs any more.

Doctor Web Company notified Google corporation on the Trojan, and for July, 2019 he was already deleted from Google Play.

Developers in App Store earn at 64% more, than in Google Play

In the middle of June, 2019, the Sensor Tower company offering the platform for efficiency analysis of sales of mobile applications presented statistics of expenses in directories of Apple App Store and Google PlayRead more here.

Google blocked the applications selling marijuana

On May 29, 2019 Google blocked in the directory of Google Play of the application which sell or somehow implementations of marijuana or the products connected with it promote. Prohibition was entered within large-scale changes of policy of the publication of content in shop.

New rules are similar to prohibition on sale of tobacco products in Google Play. The updated policy of corporation strongly will strike such mobile versions of delivery services as Weedmaps and Eaze. The Weedmaps application was loaded by more than 1 million times, and Eaze — about 50 thousand.

Google began to block applications for marijuana sale

According to the representative of Eaze company, the prohibition entered by Google only contributes to the development of the shadow market of drugs.

As reported Reuters agency in Google, to application developers, helping to buy marijuana, it is optional to turn off services — to them to take out function adding of goods in a basket out of limits of the application enough. For example, it is possible to specify in the program only the link according to which cannabis purchase is available, but direct order placement and its payment can be thrown in the web version started in the browser.

In addition to restrictions for sale of marijuana in applications, Google began to require that developers specified target audience for the applications, and the programs focused on children (as it is exclusive on children, and together with adults), should follow family politicians of the company. It includes restriction of types of advertizing which can appear in applications, adding of warnings of security for augmented reality and also disclosure of information about what information developers collect about children.

Developers of already working applications were given 30 days on giving the products according to new rules of Google Play.[2]

Emergence of a cashback

On April 23, 2019 in Google Play shop in South Korea users had an opportunity to earn rewards for purchases in the Android-applications.

Within the loyalty program users will be able to receive points — so-called Google Play Points which then can be spent for purchases in programs and games and also for replenishment of the Google account of Play.

The cashback service includes five levels: bronze, silver, gold, platinum and diamond. The lowermost among them — bronze — assumes that users can get one point of Google Play Points for each 1000 wons (about 56 rubles at the rate of for April 23, 2019) spent for acquisition of subscriptions and different virtual items in applications from the directory of Google Play.

In Google Play the cashback appeared

1.1 points for purchases for 1000 wons and 6 points for expenditure in 5000 wons are necessary to those who is at the silver level. The users who moved to gold, platinum and diamond levels can expect a bonus in the amount up to 2 points for each spent 1000 wons. In process of increase in level in the loyalty program owners of smartphones, tablets and other devices earn more rewards and privileges.

According to the ZDNet edition with reference to the message of Google if the user spent 100 Google Play Points for purchase of virtual items, then the developer of this application receives 70% of revenue.

To take part in the loyalty program, in applications it is necessary to click My Play Point. The Google company is going to carry out every week advertizing campaigns that users could receive more points in certain applications.

By April 23, 2019 the Google Play Points program is available only to residents of Japan and South Korea — the countries in which purchases inside mobile applications and the pay-to-play model at which for access to a game it is necessary to purchase a monthly subscription are very popular. In the future the Google service of Play Points will be started also in other markets.[3]

The supplements published in Play Store will be checked manually

On April 17, 2019 it became known that the Google company made changes to security policies of Play Store thanks to which developers of a harmful Android-applications will not be able to publish the products in shop any more. In particular Google introduced restrictions for Android API, and now before the publication in Play Store each application should undergo without fail difficult testing and testing of security.

Play Store

Among other improvements – verification of applications by people, but not automated means. Besides, developers cannot abuse services of availability Android any more, and for applications restrictions for gaining access to some services, for example, to magazines of calls and the SMS were introduced.

Earlier Google already added the scanner performing search of the malware based on activity of applications to the shop. Start of the program of payment of remuneration for the detected vulnerabilities and so forth belongs to other measures for gain of protection of Play Store.

Verification process of the applications added to Play Store from new developers without the history of the publication of reliable applications became quicker and will take not weeks, but days now.

Though most of developers of the Android-applications are fair, some accounts nevertheless are blocked for severe systematic violations of security policies. Though more than in 99% of cases the decision on blocking is correct, we are very much concerned by what effects blocking can cause by mistake, reported in the blog of Google.

From now on owners of mistakenly blocked accounts can submit at once the appeal, and the Android command attentively will consider it. If in verification process it becomes clear that the account is blocked by mistake, it will be recovered[4].

In 206 applications the special kind of the advertizing malware is detected

On March 14, 2019 it became known that researchers of Check Point Research detected a harmful campaign in Google Play shop. The special kind of the advertizing malware was detected in 206 applications, and the total quantity of downloadings reached nearly 150 million. Google was quickly notified and deleted the infected applications from Google Play shop. Check Point called this malware SimBad as the most part of the infected applications represents games simulators.

The functionality of SimBad can be separated into three groups: advertizing demonstration, phishing and access to other applications. Thanks to an opportunity to open the set URL address in the browser which is behind SimBad the malefactor can create phishing pages for several platforms and open them in the browser, to thereby start phishing attacks on the user.

Thanks to capability of a malware to open app stores, such as Google Play and 9Apps, the malefactor can install the remote application from the appointed server. So he can set the malware at any time and increase the profit.

As soon as the user loads and installs one from the infected applications, SimBad registers itself in the manifestos BOOT_COMPLETE and USER_PRESENT that allows SimBad to perform operations after the device completes loading and so far the user uses the device respectively.

After installation the malware is connected to the specified command server for accomplishment of certain actions. SimBad has ample opportunities, such as removal of an icon from a start panel that it complicates its removal by the user, start of background advertizing and opening of the browser with the set URL address.

SimBad infection chain

The command server observed in this campaign — On this server Parse Server copy (the source code on GitHub), the version open source infrastructures of Parse Backend which represents the model allowing developers of web applications is started and mobile applications to connect the applications about a backend -cloud storage and API- the interfaces provided by background applications and also such functions as management of users, push-notifications and many other things.

The domain was registered through a hosting of GoDaddy and uses service of privacy protection. At run on the domain from the browser you receive the page of an input very similar to other panels of malware. Links of registration "Register" and "Sign Up" do not work and "redirect" the user back on the page of an input.

According to the analysis of RiskIQ, validity period of the domain expired 7 months ago. As a result, perhaps, you browse the cracked, appropriated domain which was initially used on legal grounds, but now participates in malicious actions.

Researchers of Check Point believe that developers were not aware of the harmful maintenance of RXDrioder SDK as, according to a research, the campaign was not focused on the specific country and was developed by other developer.

For March, 2019 SimBad works as the advertizing malware, opening advertizing pages, however has the big functionality capable of big threat.

Every fifth VPN-application — a potential source of the malware

On January 22, 2019 it became known that the most popular free VPN-applications contain problems which can threaten safety of users in Google Play Store. According to results of the research conducted by the specialist of Metric Labs Simon Migliano, every fifth application is a potential source of the malware, and a quarter of the analyzed programs contain the vulnerabilities connected with leakages of DNS queries of users.

The specialist studied 150 VPN-applications which total number of loadings was about 260 million times. From the studied services about 85% had intrusive permissions and also the functions putting risk confidentiality of users.

In particular, 57% of appendices were contained the code for collection of data on the last known location of the user, 38% of applications requested an information access about the status of devices, 25% of applications kept track of location of users, and some programs requested permission to use of the camera and the microphone of the device or could is reserved to send Sms[5].

10 VPN-applications and security concerns detected in them


Google will return money of mother whose child lowered $1600 for mobile games

At the end of September, 2018 district court of the city of Suvon (South Korea) rendered a verdict in the claim which initiator asked compensation for write-offs of money from its credit card in mobile games without its consent.

The 10-year-old son of the claimant spent in games on the smartphone in total 1.81 million wons (about $1627), using the credit card of the mother. The card remained attached in mobile application after the woman made several purchases in a game for the child in 2015.

Google will pay for the fact that the child used the credit card of mother for purchase of game content

Her son could pay acquisition of game objects by means of the same bank card after a while, and additional confirmations from the owner were not required. Then mother filed a lawsuit against Google, having demanded compensation of losses in a complete size.

On September 28, 2018 district court of the city of Suvon found guilty of the incident both the claimant, and the defendant, so Google will have to pay a half of the amount charged from the card without the knowledge of the user i.e. 909 thousand wons. Other half of responsibility was assigned to the party of charge.

In view of the fact that the defendant did not verify a name of the card holder with the person who made transaction under other name that is violation of its obligations to undertake precautionary measures the defendant should bear responsibility for partial indemnification, said in a judicial verdict.[6]

As reported in the section of support on the website of Google, usually the company "does not return to users of means for purchases in Google Play. However  in certain cases  it is possible".

If you made purchase, but it does not meet your expectations, it was unnecessary or something does not work properly, execute one of the following actions:
  1. Contact the developer of the application.
  2. Request return of means on the website of Google Play. 

Hundreds of thousands of times downloaded applications with viruses in Google Play

In March, 2018 it became known of presence of a virus at the popular Android-applications placed in the directory of Google Play. The malicious code was detected by specialists of SophosLab company (specializes on technology of information security), who shared a find in the blog.

The malware which in SophosLab was identified as Andr/HiddnAd-AJ disappeared in programs for reading QR codes (among them – QR Code Free Scan, QR Code/Barcode and QR & Barcode Scaning) and the Smart compass application, located in Google Play shop. The virus was used by his distributors for an output of advertisements to the screen of mobile devices and advertizing links, allowing swindlers to wind advertizing cliques, even when the infected application inactively.

In March, 2018 it became known of presence of a virus at the popular Android-applications placed in the directory of Google Play

At the first start the infected application sends a request for the server of malefactors to receive a necessary configuration. Then the virus gets access to the list of links, messages and icons which soon begin to litter the smartphone of the victim. It is interesting that the small graphic component through which it is possible to manage its work is attached to the hacker program.

It is noted that the applications infected with Andr/HiddnAd-AJ in Google Play were downloaded by more than 500 thousand times. Hackers undertook a number of measures for masking of a virus: first, the infected part of the software issued itself under standard library of programming Android which was also embedded in applications, and, secondly, the harmful element became more active several hours later after loading by the victims of software from Google Play.

SophosLab notified Google on danger, and the Internet company deleted all infected applications from shop. To secure itself against similar infections, specialists recommend to owners of Android devices to use antiviruses.[7]

Detection of harmful cryptominers

Specialists of Avast company announced on March 16, 2018 detection in Google Play two SP Browser and Mr applications. MineRusher with the built-in malware for Monero cryptocurrency mining. Applications were already downloaded by thousands of users.

In November, 2017 Avast detected a stamp of malware of JSMiner in Google Play — the cryptominer disappeared in the Cooee game application.

Process of mobile mining begins according to the similar scheme when the user loads the application and opens it. Further there is an automatic connection with the website where CoinHive Java Script for Monero mining is placed. As soon as connection with the domain is executed, begins mining. All process takes place imperceptibly for the user — in the background when the screen is switched off, and the device uses data transmission or is connected to Wi-Fi.

Specialists of Avast made an experiment of mining of Monero using mobile phones. Participants became witnesses of fast discharge of the battery, idle websites and, in certain cases, full-scale failures.

Emergence of harmful cryptocurrency applications

In Apple App Store, Google Play and others online stores can be met easily harmful cryptocurrency applications using which hackers abduct money and personal data of people. The data of cybersecurity company RiskIQ published on January 24, 2018 demonstrate to it. Read more here.


Comparison with App Store on loadings of applications and expenses of users

According to App Annie, App Store loses Google Play on loadings of applications (30% against 70% in 2017), but considerably advances by quantity of money which owners of gadgets spend, downloading and using such programs. In 2017 66% of all user expenses on mobile the application was the share of the IOS platform. In 2012 this share was measured by 86%.

Share of downloadings of applications and expenses in App Store and Google Play

More than 80 malwares stealing data of users of VKontakte are deleted from Google Play

Experts "Kaspersky Labs" in only two months found in Google Play 85 malware, the users stealing data for an input in social network "VKontakte". The most popular of them was set more than one million times, at seven was from 10,000 to 100,000 installations.

Applications stole data on access only on devices with certain languages — Russian, Belarusian, Ukrainian, Kazakh, Armenian, Azerbaijani, Kyrgyz, Romanian, Tajik and Uzbek. It is natural, considering that the social network "VKontakte" is really popular only on space of the former USSR.

Most likely, criminals used the stolen data first of all for promotion of the VKontakte groups.

Some of the attacked users complained that they were signed on certain pages without own permission, said in the publication of Kaspersky Lab. — Information on attempts to use these data for more explicit fraudulent activity did not arrive yet.

The most part of the malware was loaded into Google Play in July and activated in October, 2017. Mainly they imitated any additions to the main functionality of social network — for example, for listening of music or tracking of guests on the page of a profile on social network. Naturally, these applications required input of the login and the password for

However, the mobile game published in Google Play in March was the most popular — with more than one million loadings — the application. Initially harmful component in it was not — it appeared only in October after the next updating. So cybercriminals waited about seven months until a game gains sufficient popularity to provide the maximum distribution of a harmful component.

After Laboratory notified administrators of social network and Google on threat, all applications containing a malicious code were deleted from Google Play.[8]

How to distinguish the malware

Unfortunately, despite all efforts of Google, the malware continues to get into Google Play — Roman Ginyatullin, the information security expert of SEC Consult Services company noted. — The example with a mobile game which got harmful "stuffing" far not at once is very eloquent: the application can be initially harmless, and then suddenly begins to pose a massive threat.

As for protection, as Ginyatullin noted, users should check who is a developer of the application even if it is published in official shop Google. Besides, if the "unofficial" application requires to enter the login and the password from social network, it is a strong indication of wrong intents.

Technical details about these applications are available on the website[9]

In Google Play a boom of the Trojans masking under mobile applications of banks

Group-IB at the end of November, 2017 noted a wave of mass distribution of the Trojans masking under mobile applications of the leading banks of the country. Specialists of Group-IB block resources from which there is a distribution of these applications, but their volume constantly grows.

The trojans intended for mobile devices under management OS Android extend not through official shop Google Play, and through advertisements in search systems. At the same time experts of Group-IB noted high quality of programs counterfeits that confuses many users who are not paying attention to suspicious "trifles". In more detail here.

Authors of false antiviruses profit on the fears connected with WannaCry

In June, 2017 researchers from RiskIQ company detected hundreds of mobile applications issuing themselves for means of protecting from the encoder of WannaCry in practice being at best useless, in the worst — harmful. Similar applications are a part of more large-scale problem — false mobile antiviruses.[10]

Using simple net search experts detected more than six thousand mobile applications which are designated either as antiviruses, or as sources of information on antiviruses, or as the supportive applications supplementing anti-virus solutions. More than four thousand from these applications are active to the middle of June, 2017, at the same time 525 of them are entered in the black list of VirusTotal service which collects data from these suppliers of anti-virus solutions.

Researchers from RiskIQ company detected hundreds of mobile applications issuing themselves for means of protecting from the encoder of WannaCry in practice being at best useless

It does not mean that all these applications are harmful, researchers note, adding that really dangerous dangerous programs can not be included in black lists — at least, during some time.

Specialists of RiskIQ detected in Google Play Store of 508 active applications which are designated as antiviruses, at the same time about 55 of them appeared in black lists of VirusTotal. In general 189 different app stores for mobile devices were investigated (not only Google Play Store). At the same time 20% of applications from lists of VirusTotal fall on official shop Google; 10.8% from them — are active to this day in spite of the fact that administrators of shop regularly eliminate doubtful and frankly malware.

For example, the false antivirus of Antivirus Malware Trojan which wormed way into Google Play was downloaded 10 thousand times before he was moved away.

In other shop — Mobiles24 — to trustful users was offered the Android's Antivirus program which in practice contained five different versions of the malware. 3.5 thousand times managed to download the program.

Among the applications which are allegedly protecting from WannaCry frankly harmful was not, but also they give nothing useful: the encoder of WannaCry does not attack mobile platforms (at least, so far) so statements for "protection" — no more than unfair advertizing. Authors of these applications operate insufficient knowledge of users, as well as the hysteria connected with recent epidemic.

As experts of RiskIQ note in the publication, probability remains that someone will want to supply the applications which are allegedly protecting from WannaCry with a harmful component.[11]

Spammers and virus writers traditionally use loud information reasons for the benefit — Ksenia Shilak, the sales director of Sec-Consult company says. — And here: very many users "heard something" about WannaCry epidemic, but showed interest in parts much less — who can fall a victim what platforms are vulnerable and how to be protected. The lack of knowledge can pose even a big threat, than vulnerabilities in software.

In Google Play more than one hundred malware are revealed

In March, 2017 researchers from Palo Alto Networks company revealed 132 applications for Android containing harmful components in Google Play shop. The administration of Google Play quickly reacted to the message and deleted unsafe software.

According to Palo Alto Networks, the revealed applications used the Android WebView component allowing to display images and the text in the form of static HTML pages. These pages as it appeared, supported the hidden IFrame with links to harmful domains.

Google Play shop

According to researchers, one of such infected pages tried to download and set a malware, however the procedure of downloading and a malware are capable to function only in the environment of Windows, without doing any harm to the smartphone.

The mentioned harmful domains are inactive long ago: control over them was intercepted by the Polish center of response to computer incidents (CERT) in 2013.

Most likely, developers of these mobile applications became the victims of malefactors. Points to it also use of the deactivated harmful domains long ago, and a malware under Windows, and some similarity in a code format indicating a possibility of generation of applications using the same platform.

Experts of Palo Alto Networks assume that application developers could use the same integrated development environment (IDE) which was already infected with the malware or used the online platform for generation of applications into which the malicious code was integrated earlier. That, in turn, integrated IFrame with links to dangerous domains into HTML-components of applications.

The administration of Google Play deleted all these applications though in itself they did not pose a threat.[12]

Access to business Poe is simplified

On January 17, 2017 the Google company announced change of policy of distribution of software in Google Play shop that it will simplify to the enterprises deployment of proprietary and customized applications among personnel.

The company suggests to use private channel (Private Channel) which will allow administrators of G Suite (before Google Apps for Work) to place and distribute Android applications only among users or the selected user groups within the domain G Suite. The users who got access to private channel can load applications through Google Play on the mobile device from there. The organizations which connected private channel to Google Play receive additional benefits in the form of authentication of separate user groups and also antiviral protection against the malware Google[13].

This updating in app store will be available since January 31, 2017. It is supposed that it will simplify search of the corporate applications distributed through Google Play. For descriptive reasons they will be located in the section Working applications. Other applications — public and private which the enterprise can manage by means of the EMM tools (Enterprise Mobility Management) will be stored in the same section.

The private channel will provide the simplified instrument of the consolidated management of a pool of applications, allowing to update, for example, software according to the predetermined schedule. Grouping of software will facilitate to administrators creation of "white lists" of mobile applications which are approved for use at the enterprise.

The organizations which were not using earlier private channel need to be registered previously using own EMM and to configure technology of mobile management of Google. For January 17, 2017 Private Channel can be used for installation of corporate applications only on the mobile devices Android, use of proprietary applications on other platforms is inadmissible, Google stated.

There is at the private channel also a scheme of replacement of the published annexes which works for commercial applications in Google Play. A possibility of planned setup of updating of corporate applications became one more among innovations in EMM products and Google services for business which appeared for the last one and a half years. For example, in October of last year Google provided a new feature for mass deployment of mobile devices based on Android with all necessary parameters of security for work at remote offices. In the same month of Google updated the administrator's console — that received the improved mechanisms of content filtering, blocking of the device and destruction of data.

2016: "Family" access to Google shop

On July 28, 2016 the Google company announced the organization in structure of Online store of applications and media content of Google Play of the mode of interaction Family Library - for to exchange data between family members.

Family Library allows to make purchase of the paid application once and further to transfer him to mobile devices of the spouse, children, other relatives, without paying it repeatedly[14].

Sales office of Google Play, (2016)

Google Play Family Library is the general access to paid content. Some kind of answer Google to similar functionality internet- shop App Store from the company Apple. Service was started in May, 2016, but access to it was limited a quantity of the countries for a limited number of testers.

For July, 2016 beta testing is complete - users of Google can get access to the project from the territory of the USA, the majority of the countries of Europe, Japan, Brazil, Canada and Australia, Mexico, New Zealand. The company announced inclusion of Google Play Family Library in other states of the world in several days.

Google Play Family Library has restrictions for "family": no more than six. It can not be no relatives — groups can be created with friends or fellow workers. It is not obligatory to be connected to Google Play Family Library with Android- devices — applications will be available only to this platform, and a photo, video and other media content will open on the desktop PC or the gadget under management Apple iOS.

In Google Play Family Library it is possible to exchange practically everything, excepting music — to distribute it it will not turn out because of copyright.


According to appFigures, the number of applications in Google Play last year reached 1.43 million whereas in App Store — 1.21 million App Store are an analog of Google Play. It contains appendices for Apple iPhone and iPad, i.e. mobile devices working at the competing platform iOS.

The third place was taken by the Appstore directory of Amazon company (293 thousand applications). Structures of Amazon generally enjoy popularity in the USA.

In addition, analysts noted that in 2014 the third year in a row showed to Google Play higher rates of inflow of new developers. And every year the separation increased.

Now about 388 thousand developers — against 282 thousand at Apple are engaged in release of the applications for Android placed in Google Play.

In 2014 the number of applications in Google Play doubled. The highest growth rate was shown by category Games, on the second place — Photography, on the third — Music, on the fourth — Business, on the fifth — Entertainment. In turn, in App Store the greatest growth rate by the number of new applications in 2014 was shown by category Business. On the second place — Food & Drink. Analysts were surprised that Food & Drink appeared on the second place. They reminded that it is about growth rate, but not a total quantity of programs. What causes popularity of this category, is not explained.


The Canalys research company counted the number of the smartphones loaded by users and tablets of mobile applications for the I quarter of 2013. As reported, all for this period from online directories of mobile software 13.4 billion loadings were made that is 11% more, than for all 2012.

The greatest sales growth and numbers of loadings of mobile software is observed in the developing regions — Brazil, Indonesia and South Africa. It is explained by the growing popularity of mobile gadgets which are willingly bought up by locals. As for profitability of the markets from the point of view of developers of software, by this criterion the predominating positions are taken by the markets of the developed countries. According to the results of a quarter in North America revenues of developers from mobile software increased by 8%, and the number of the loaded programs and games rose by 6%, at the same time in Europe these indicators grew by 8 and 10% respectively.

For April, 2013 the most popular online directories of applications are Apple AppStore, Google Play, Windows Phone Store and BlackBerry World. In the amount these four most popular shops provided revenue in 2.2 bln. dollars. AppStore to which share about 74% of world revenue fall remains the most profitable app store. Though Google is also inferior to Apple on the profitability indicator, its Google Play became the leader in the number of downloads — 51% of all loadings are made from it where users give preference free and to shareware programs. By the number of loadings of Apple on the second place.

The Google Play bypassed AppStore on number of the downloaded applications

App store of Google Play for the first time bypassed AppStore of Apple company on number of loadings. According to the researches conducted by App Annie Index according to the results of the II quarter 2013. users downloaded the Android-applications 10% more, than applications based on iOS. The company connects this fact with increase in activity of users in emerging markets of Russia, India and Brazil. If to consider users of both app stores, then residents of the USA, South Korea, India, China and Japan most of all download programs. Experts point to rapid growth of the Android smartphones market and, respectively, applications for them in developing countries.[15]

However, despite it, App Store still brings much more income, than Google Play, and it confirms that users of the equipment of Apple are more located to pay for content. App Store exceeded Google Play on income by 2.3 times. Games remain the most demanded category of programs in App Store and Google Play. In the first 40% of loadings are the share of them, and they bring about 75% of income. Another 15% generally arrive from musical and social applications. Most of all users from the USA and Japan which generate about a half of all profit of App Store spend for programs.

The Google Play of a game also wins first place on income — they bring 80% of all receipts from the downloaded applications. In Google Play applications for communication, and on the third — different tools are on the second place.

Data on revenue include paid loadings and also embedded in applications of purchase. This information does not consider income which arrives from the mobile advertizing embedded in applications.

Recently the Android platform bypassed iOS also by the number of the tablets sold in the II quarter. For this period on global market 34 million tablet computers were produced that is 43% more, than the previous year. 53% of the delivered devices were based on the Android platform, 42.7% fell to the share of IOS. For comparison, in the II quarter of 2012 the Apple corporation controlled 71.2% of sales of tablets.

Google toughened requirements to applications for Android

The Google corporation made significant changes to rules of the publication of the Android-applications in the official directory of Google Play. They concern the description of applications, advertizing, purchases in applications, rating and other aspects.

According to the changed rules, "applications do not may contain the false or unclear description in any column, including the name, a label, the description and screenshots".

Developers are forbidden to place on the home screen, in section of applications and in browser tabs any labels on the third-party websites and services in the advertizing purposes. Display of advertizing in the field of system notifications is forbidden.

It is forbidden to publish the supplements parodying other applications externally and on functionality.

Applications should not change system settings without prior notice and the consent of the user. Including, it concerns the interface of the operating system. The user should have a possibility of simple canceling of changes, including by removal of the application which made them.

Applications should not force users to delete other applications, only if this application is not an antivirus or other protective solution.

Phrase "Developers should not make attempts to change provision of any product in shop at the expense of repeated estimates and compulsion of users to give higher or low marks" was replaced on "Developers should not make attempts to change a position of any product in shop, to manipulate ratings or reviews of any products by not permitted methods, including dummy installations, paid or dummy responses and estimates and coercion to estimate a product".

One of the most significant changes in rules concerns an order of the payments embedded in applications. From now on purchases in applications should be executed only through Google Play payment system except as specified when the user purchases real goods.

According to observers, new rules will help to bring order to Google Play and to bring closer quality of shop to Apple App Store which is a standard.


Google started in March, 2012 the competitor of iTunes - a Google service of Play which integrated app stores, music, books, video service, service of cloud storage and synchronization of data.

Google provided new service under the name of Google Play which integrated the directory of Android applications Market, musical shop Google Music, shop of Google eBookstore e-books and service of the videprokat on the Internet. As it was specified in the official blog of the company, in it well to more than 450 thousand applications, millions of music tracks and books and thousands of movies. Conceptually the Google Play is close to iTunes known to service Apple which integrates shop of music, video and applications for apple computers, phones and tablet PCs.

Fully the Google service of Play earned at first only in the USA. In Canada and Great Britain the Google Play integrated movies, books and applications, in Australia - books and applications, in Japan - movies and applications. In other countries, including Russia, the Google Play at first offered only applications. In attempt to come into Android Market to the old address readdressing on the new domain was executed, the user saw a new logo.

Corresponding changes in the next few days were also made to mobile application of Android Market (on devices with Android 2.2 above), applications for access to movies, books and music which were renamed into Google Play Movies, Google Play Books and Google Play Music were also updated.

In addition, the Google Play offered function of loading on the server to 20 thousand music tracks from own library. This service is free. Besides, users can synchronize files and purchases between the smartphone, the tablet and the personal computer.

Google explained that the Google Play is evolution of the Android Market shop opened in October, 2008.

As notes Associated Press, Music Google service started 4 months ago sells tracks only from three large sound recording studios: Universal Music, EMI Group and Sony Music Entertainment. At the same time with Warner Music Group the agreement is signed was not yet. The number of the books which entered into Google Play exceeds 4 million, and tracks and movies - 13 million, adds the agency.

The Google Play is a direct competitor of iTunes. This shop of Apple company started in 2003 is the largest shop of music in electronic form.

Over 4.5 billion applications are downloaded and installed on phones and tablets on the Android platform. The Canalys company conducted at the beginning of 2012 a research of the market of programs for mobile electronics which showed that applications from Android Market are more than twice more expensive than their analogs from App Store. Analysts took as a basis of 100 most popular and downloaded applications in Android Market and the same quantity of their analogs from Apple App Store. Having counted the total cost of programs, it became clear that Google applications are about 2.5 times more expensive, than in App Store.

For 100 the most popular prilozheny in Android Market need to be paid about 375 dollars, on average 3.75 dollars for the application. In Apple App Store one application costs 1.47 dollars. Analysts of Canalys consider that the difference in the price of content and is the pacing restraining factor of popularity of Android Market which on the second place after App Store by the directory size in spite of the fact that Android devices in the world is on sale more, than devices on the IOS platform.

In March, 2012 Google provided new service under the name of Google Play which integrated the directory of Android applications Market, musical shop Google Music, shop of Google eBookstore e-books and service of the videprokat on the Internet. As it is specified in the official blog of the company, in it well to more than 450 thousand applications, millions of music tracks and books and thousands of movies. Conceptually the Google Play is close to iTunes known to service Apple which integrates shop of music, video and applications for apple computers, phones and tablet PCs.

The official directory of applications for devices on the Android platform - the Google Play - overcame a mark of 15 billion loadings in April, 2012.

For comparison, App Store of Apple company reached 15 billion loadings in July, 2011. Last time the Apple company announced achievement of value in 25 billion loadings - in March, 2012.

The range of the official directory of the Android-applications of Google Play reached 700 thousand positions in October, 2012. Thus, the number of applications for Android for the first time reached the number of the applications for iOS distributed through the similar directory of Apple App Store. As notes PocketNow, despite it, the quantity of the Android-applications developed specially under tablets is small. Apple of such applications has 275 thousand pieces.


In May, 2011 at a conference of developers of Google the company published interesting statistics about the Android system. Representatives of Google reported that in day in the world 400,000 Android of devices are connected. Thus, the cumulative number of Android of devices was close to 100 million pieces for today. In total well to about 310 various devices in 112 countries from 36 producers and 215 operators, Google reported.

On Android Market, the online market of applications available over 200 thousand free and paid applications. While Google still lags behind Apple on number of applications in online store, however, rates of development allow to hope that Android will soon catch up with the market leader. New service - rolling of video - it is possible, will make Android Market more popular. Users will be able to take in rolling movies for 1.99 dollars.


The range of Android Market shop reached 100 thousand applications in October, 2010. It is reported on Twitter, on the official account of community of Android developers. The mark of 100 thousand applications is reached later half a year after achievement of a point of 50 thousand and in 2 years after opening of shop - in October, 2008 Android Market contained several tens of programs and all from them were free (the possibility of purchase of applications at that time was not yet).

Android Market remains the second in value app store after Apple App Store which range in August, 2010 overcame a level in 250 thousand positions. However the rate of its growth is higher, than growth rate of App Store. Every month the number of new programs for Android increases. It is expected that over time users of smartphones based on this platform will locate the widest choice of the programs available to loading, among other mobile platforms.

In July it was reported that users of smartphones with the Android operating system executed more than 1 billion loadings of the applications which are stored in Android Market. For comparison, users of iPhone, iPod touch and iPad executed more than 5 billion loadings of the applications which are stored in App Store.

You See Also