Google Play apps with >4.3 million downloads stole pics and pushed porn ads

Found on Ars Technica on Friday, 01 February 2019
Browse Software

Google has banned dozens of Android apps downloaded millions of times from the official Play Store after researchers discovered they were being used to display phishing and scam ads or perform other malicious acts.

Trend Micro researchers discovered another batch of apps that falsely promised to allow users to “beautify” their pictures by uploading them to a designated server. Instead of delivering an edited photo, however, the server provided a picture with a fake update prompt in nine different languages. The apps made it possible for the developers to collect the uploaded photos, possibly for use in fake profile pics or for other malicious purposes. The developers took pains to prevent users from detecting what was happening.

Hopefully that help to teach users the lesson not to install random software just because it is in some official store. On the other hand, when looking at users in general, there is not much hope.