Update, July 17, 2019 (10:46 AM ET): The China-based developer CooTek has been banned from the Google Play Store, as reported by 9to5Google. CooTek developed over 200 Android applications, all of which at one point contained a dangerous piece of adware called BeiTaAd, which is described in the original article below.
Although there’s no solid proof, evidence strongly suggests CooTek secretly placed BeiTaAd into its apps on purpose in an effort to push obtrusive ads to users. It’s also likely CooTek attempted to hide the adware in its apps so that Google would not detect it (which it didn’t, until Lookout exposed it).
With CooTek banned from Google Play, all of its apps are no longer downloadable. However, if you already have a CooTek app installed on your phone, you will not lose it. We strongly suggest uninstalling CooTek apps from your device, though, just for the sake of safety. To see if you have an app developed by CooTek, click here and scroll to the bottom of the page.
Interestingly, CooTek is not yet banned from the Apple App Store.
Original article, June 5, 2019 (10:54 AM ET): Security company Lookout recently found that 238 apps on the Google Play Store — all created by one Chinese development studio — were infected with a dangerous piece of adware called BeiTaAd. Collectively, these 238 apps had over 440 million installs.
Most alarmingly, Google didn’t detect BeiTaAd on its own — Lookout had to inform Google of the app infections. Thankfully, the 238 apps in question have either been removed from the Play Store or updated to a new version without the BeiTaAd infection.
Lookout’s blog post on the topic goes into specific detail of how it found out about BeiTaAd, how it works, and why it wasn’t detected. It’s very technical, but the basic gist of BeiTaAd is that it was incredibly obtrusive, in some cases rendering a smartphone to be essentially unusable.
The way it worked is that a user would install an app made by Chinese studio CooTek; for example, the keyboard app TouchPal, which has over 100,000,000 installs and 1.5 million reviews. Once installed, anywhere from 24 hours to 14 days later, BeiTaAd would start pushing system-level ads to the user, which means the ads appeared outside the app in areas like the lock screen.
Some of these ads would trigger audio and video at random times, interrupting phone calls or waking the user up in the middle of the night.
It's quite alarming that BeiTaAd was so infectious and in so many popular apps and Google didn't figure it out.
Curiously, the 238 apps in question all had code that concealed BeiTaAd’s presence very efficiently, according to Lookout’s research. Lookout couldn’t find any direct proof that CooTek put BeiTaAd there itself, but it does seem strange that the company went to great lengths to hide it in literally every app it had listed on the Play Store. It’s also very strange that BeiTaAd doesn’t appear in other apps by any other developer.
Anecdotal evidence shows that BeiTaAd had been active on the Play Store for around seven months before Lookout found it and reported it to Google.
As of now, it doesn’t appear CooTek has been severely reprimanded for this breach, as many of its apps, including TouchPal, are still active on Google Play. We’ve reached out to Google about this story but didn’t hear back before press time.
Usually, with security breaches such as this, the adware infects unpopular apps that only last on the Play Store for a short while before discovery. The fact that these apps had so many installs and lasted on the Play Store for months — and Google didn’t discover them on its own — is quite alarming. This should act as a reminder to always use caution when installing a new app on your phone, no matter how popular or well-reviewed it might be.