Android phones – vulnerable to the threat of fraudulent apps

Android phones – vulnerable to the threat of fraudulent apps

It is estimated that there are some 2.5 billion android phones in operation around the world. They represent an opportunity for criminals and a clear and present danger to operators, advertisers and consumers.

The weakness of android phones is that they have vulnerable to invisible attacks from hackers and fraudsters, who are completely screened from the view of the user. Such attacks are happening in the background of a host of popular applications which hundreds of millions of people have downloaded on to their devices.

In the background these rogue applications are continuously making fake clicks on advertisements, or secretly signing their users up for subscription services. The advertisers are paying the application providers for the clicks, consumers are then being falsely registered for expensive premium services and their data bundle consumed by activity they have no control over or are not even aware of.

Secure-D by Upstream is a platform that monitors and analyses the transactions of over 30 operators and looks at anomalies or suspicious transactions. In 2019 they processed more than 1.71 billion mobile application transactions on these networks and blocked 1.6 billion – more than 90% – that were found to be fake or fraudulent accounts. They also found 43 million android handsets that were affected with malware.
Based on their data here are the applications that last year’s biggest attacks hid behind:


128 million suspicious or fraudulent transactions were generated in around 15 different countries by this application last year. Initially exposed in May, a hidden component of the application delivers fake advertisements and tries to generate clicks and even purchases. This application is now only available from certain third-party android stores and thankfully, not from Google’s own store. Despite this, the video downloading application is still available, active and has managed to total up some 500 million downloads around the world, making it the fraudster’s best friend and an ample opportunity for hackers.


A very close second behind Vidmate, was the file sharing app 4Shared. Despite its seeming credibility of being available on the Google play store, receiving high ratings and excellent reviews from IT websites and more impressively, the Microsoft store, this application generated 114 million dubious transactions in 17 countries around the world. As well as sharing files as requested by its users, 4shared was also found to be sharing user’s personal details in the background. After reporting the suspicious activity Google removed the application from its play store however, since then, a new version has come into fruition and 4Shared continues to be a live threat to its users.


In comparison to the previous two, only a small number of devices were infected by Snaptube – just 4.4 million. However, in only six months it was responsible for over 70 million suspicious or fraudulent transactions from those devices. These transactions were happening behind the screen of the video downloading application that was popular in Egypt, Brazil, Sri Lanka, South Africa, and Malaysia. If this was left undetected, advertisement fraudsters would have been rewarded with $91 million from their activity, which was first exposed in October 2019. Again, this is only available in third-party applications stores.

Weather Forecast

In 2019, around 27 million transactions were blocked on the ‘Weather Forecast: World Weather Accurate Radar.’ This application is also still available on Google play store and is even pre-installed on some Alcatel Android phones. While delivering the weather forecast and maps in the foreground, behind the scenes click fraud advertising is occurring on a substantial scale. This activity was initially reported right back in January 2019, however the application is still being downloaded from Google play and has now been installed on around 10 million handsets.


Obviously, appearing on the Google play store gives applications like this a lot of credibility and a good reputation. The customisable keyboard application Ai.type hid behind such credibility to initiate around 14 million fraudulent transactions that unless blocked, would have resulted in an $18 million reward for the fraudsters. For applications with advertisement malware hidden, getting on and staying on the Google play store is a major and important ambition. Ai.Type is to be credited with one of the biggest spikes of fraudulent activity of last year and was removed by Google from its Play Store in June. Once again, it is still available via some third-party stores.

The android ecosystem has a very open nature and this has been a strength to help the operating system become a more dominant force in the handset market and to enable it to compete with the likes of Apple. However, such an open nature is also responsible for its security weaknesses. The applications that are mentioned above stand behind some of the biggest attacks of last year, but the number of malicious applications that are found to be hiding fraudulent activity from view, is getting larger on a daily basis.