67% of infected apps are downloaded from Google’s Play Store

The world's largest app store is used and abused by hackers who choose it to spread infected apps and deliver malware.

The first rule to avoid getting a virus on your smartphone is to avoid downloading apps from unsafe stores. But, as it turns out, not even the official Google Play Store is safe: in fact, according to data from NortonLifeLock, two-thirds of the infected apps circulating are downloaded by users from Google's own store.

Using telemetry data provided by NortonLifeLock, in fact, security researchers discovered the origin of installations of as many as 7.9 million unique, dangerous or safe apps on more than 12 million Android devices, in the period June-September 2019. The researchers also analyzed 12 macrocategories of apps, not only those downloaded from the Play Store but also those that must be downloaded via the browser, instant messaging services and other sources. This is a huge amount of data, enough to create a statistical sample that is more than representative of the real situation of the Play Store, which, it seems, is far from absolute security.

The Play Store is the main source of infected apps

Once the calculations were done, two alarming figures emerged: 24% of the analyzed apps were dangerous for the user in one way or another, and 67% of dangerous apps were on the Play Store. Only 10% of these apps, however, had been published on stores other than Google's.

Similar percentages for installations from .pkg files, while all other ways of downloading an infected app have negligible percentages.

Why the Play Store is full of malicious apps

The same study also reveals the reason for this data: 87.2% of the apps (malicious or not) on the analyzed smartphones had been installed from the Play Store, which remains the main market where users go to look for apps.

Those who develop malware, fleeceware, spyware and, above all, adware know this very well and have understood that if there's a good place to hide an infected app, it's Google's Play Store. Also because if a dangerous app isn't on the Play Store, few people will download it.

The malware industry has gotten smart and now uses a two-step tactic: initially a clean version of the app, which is not dangerous, is uploaded, and only then is the app modified via one or more automatic updates. The original app then passes Play Store checks and is published without any problems, and after a short time the same app becomes dangerous.

The real problem with the Play Store, however, is Google's lack of responsiveness, which very often takes too long to remove dangerous apps that are flagged by security researchers: if we look at the ratio between the amount of apps published on the Play Store and the number of infected ones, on the other hand, Google's store numbers are not the worst.