Google has removed yet another batch of awful Android apps from the Google Play Store for breaking the company’s terms of service. The roundup includes 101 apps belonging to a single group known as the 2NAD network, which used 27 fake developer names as a front to distribute its many questionable apps.
All of these scammy apps contain various types of malicious or exploitative code—mostly ad fraud and unwanted data collection carried out through extraneous app permissions. You should definitely review Cybernews’ list of all 101 apps and delete any you may have downloaded, but now is also a great time to brush up on the ways to sniff out a malicious app before it infects your Android in the first place.
How to spot a sketchy Android app
While it’s good to see Google ban shady apps and developers, bans are almost always a reactive solution rather than a proactive one. One of the best preventative strategies you can employ for your Android device is to secure a solid anti-malware app that will help reduce your risk should you encounter a malicious app. But you can also get a sense of how risky an app is just by checking the permissions it asks for when you install it.
App permissions are an easy way to judge whether an app is safe or not before downloading it. I say “safe” rather than straight-up malware, because some apps are free of malicious code and leave your data alone but could still try to exploit you in other dubious ways. And even if an app isn’t doing anything shady per se, it may have access to certain features or types of data you might not be comfortable with.
Screenshot: Brendan Hesse (Google Play Store)
You can check an android app’s permissions in app stores like Google Play and Amazon before downloading them.
- Go to an app’s Google Play Store page
- Scroll down to the bottom of the page to “Permissions.”
- Click “View details.”
- You’ll be shown a list of permissions the app asks for when you install it.
Amazon App Store
- Open the app’s Amazon page
- Click “See all application permissions” or scroll down to “Technical details.”
How to review installed app permissions
Apps will ask for permissions while they’re being installed and/or the first time you open them or use one of their features. Similarly, you can review permissions for any apps you currently have installed via your Android device’s settings app. The permissions menu hangs out in different places depending on which device you have, but you should be able to search for “Permissions” and be taken right to it. The menu will list all installed apps and each type of permission it has. Make sure to scrutinize them thoroughly.
But what exactly should you look for? Well, basically any permission that seems out of place or unnecessary. Here are some good examples from Cybernews’ post on the recent 2NAD malware roundup:
- A call recorder app that wants permission to take pictures and record video.
- A calculator app that asks for permission to your camera and your phone state, which allows them to see your cellular network information, phone accounts and status of calls.
- A dual account app that wants to access your GPS, your camera, your microphone, body sensors, your calendar, to see and edit your contacts, to see and edit your files, check your phone status and much more.
- A photo editor that wants to record audio.
- A memory booster that wants your exact location.
- A phone cooler that wants to see and edit your files, get your location and read your phone status.
That’s not an exhaustive list by any means, but the point is clear: An app shouldn’t be asking for permissions unrelated to its intended functions. If it is, and that fact has already raised your suspicions, delete it—or at least take a few minutes to do some extra research and decide whether this app is the right fit for your device.