- Google recently removed another round of malicious crypto apps from the Google Play Store.
- This is another instance in a disturbing trend of malicious apps proliferating on the world’s largest app store.
- Is Google’s quality control not good enough?
According to The Next Web, in 2018 alone, Google has removed three instances of malicious apps posing as legitimate crypto wallet apps. These imposter apps steal keys from you and then drain your accounts. Granted, each app was removed in a few days and only got a few downloads, if any at all, but this is just one part of the problem.
In the past two months, Android Authority has written three articles about Google and its issues when it comes to crypto scams. First, there was the Malwarebytes report about how millions of Android devices are unwitting crypto miners due to downloading malicious applications.
Then, there was the news of Google eliminating all crypto mining extensions, even legitimate ones, from the Chrome Web Store. This new policy was in response to the prevalence of malicious code present in extensions that sometimes have nothing to do with cryptocurrency.
Not long after that, we wrote about a report from Kaspersky Lab about numerous Google Play Store apps that look legitimate but secretly mine cryptocurrency.
It’s clear that Google has a serious problem.
In this most recent case, Android users searching for the popular cryptocurrency app MyEtherWallet may have mistakenly downloaded a doppelgänger version of the application that is designed to steal their information. It looks like the application remained on the Google Play Store for four days before Google took it down.
This is actually the second time Google took down a MyEtherWallet clone, the first being in January. In that instance, the malicious app was available for almost a week before being removed.
How are these apps not only getting past Google’s supposed quality control checks but then staying active on the Store for so long before removal? According to this walkthrough on the steps to make an app available on the Google Play Store, it only takes a matter of hours for a submitted app to go live. What is happening in those few hours? Is a live person going through the code to make sure it is on the level?
Back in 2015, Google instituted a new policy to combat malicious apps, under which it claims that a staff member will go through your app to make sure it’s safe. If that is true and still enforced, how is an app that’s clearly a clone of another app still making it through quality control?
While Google’s move to block any and all crypto mining code from the Chrome Web Store is a step in the right direction, it’s clear that the Google Play Store also needs some policy updates. Perhaps it needs a stricter quality control phase where numerous staff members inspect your app before it is available to the public, or some sort of beta testing phase that all apps must go through before they go on sale.
Whatever Google decides to do, it’s clear it needs to do something to respond to these dangerous issues.