I can write a caption here. Not too long. Not too short.

Yet more mobile adware found in Google Play

Finding an adware variant that made its way past the Google Play store is out of the ordinary. So when two adware variants slip by in one week, we take notice. Last week, we added two new Ad SDKs to our growing list of adware detections—Adware.Solid and Adware.Cootek. Both Ad SDKs were found in an abundance of apps in Google Play. Adware.Cootek infects over 2,000 Play store apps alone, according to our Mobile Intelligence System.

Behaving badly

Both pieces of adware have remarkably similar traits, displaying full screen ads inside and outside of the infected running app. In addition, they both show ads during screen lock and immediately after unlocking the screen. For your viewing pleasure, below you can find an array of offending ads with captions detailing the inappropriate timing:

We’re listening

Ads displayed inside a free app? Fair game. Ads displayed outside the app, especially during and immediately after screen lock? That, my dear readers, is where we draw the line. Many of these apps contain reviews on Google Play addressing the aggressive nature of the ads contained. Unfortunately, these reviews fall on the deaf ears of the app developers. But fear not my friends, for we are listening. Whether it’s in Google Play or not, we take a hard stance on aggressive adware. Cue shameless (yet helpful) plug: Malwarebytes for Android warns you when Ads are crossing the line.

Use common sense

A note to app developers. We get that you need to make some revenue from your hard work, and selecting an appropriate Ad SDK to tack onto your apps is tough business. Perhaps it’s unfair to take the blame when at the time the Ad SDK was selected, it wasn’t considered adware. However, I ask this question: How many bad reviews does it take before you repackage with another, less offensive, Ad SDK? One app we found which will remain nameless had around 400 one star reviews, and I’m willing to bet most were addressing the aggressive ads. Think about how you’d like to interact with an app: would all of those aggressive ads make you enjoy the app even more, or would they frustrate you? Use common sense when selecting an Ad SDK.

It’s up to the user

As already addressed in our Mobile Menace Monday post, we know that mobile adware is not dangerous malware—more like an inconvenience. In some cases, it goes behind annoyance when it is collects too much personal information. This can include GPS location, phone number, IMEI, and IMSI. Still, this isn’t a blatant act of maliciousness as seen from far more threatening pieces of malware.

It’s fully up to you, the user, whether to delete the offending app or ignore our warnings. If you choose to ignore and accept the presence of these annoying ads and/or the potential to collect personal information, no further harm should come your way. Admittedly, we can’t fully guarantee this claim—thus, I leave you with this: Ignore at your own risk.

Unfortunately, we called it

When Google Play Protect was released, I conveyed my concern for adware along with other Potentially Unwanted Programs (PUPs) still making their way into the Play market. Unsurprisingly, here we are with two new pieces of adware found in one week. My prediction is that this is only the beginning. Stay safe out there!


Nathan Collier

Full time mobile malware researcher, part time endurance athlete and world traveler. As nerdy about traveling as he is about mobile malware.