More than one percent of titles available in Google's official Android app market may be unauthorized copycats of competing apps that have been re-engineered to more aggressively monitor browsing history and other personal habits, security researchers said today.
The study, published Monday by researchers from antivirus provider Bitdefender, analyzed 420,646 Android apps available in Google Play. Of those, 5,077 contained code lifted from Facebook, Twitter, and other legitimate apps. The copycat apps offered the same functionality as the original apps, but they were redesigned to include aggressive advertising libraries (often referred to as SDKs), "beacons" that can be used to track users, and modified permissions that granted access to text messages, call histories, and other personal information.
"Most modifications add a new Advertising SDK in the repackaged app or change the Advertiser ID from the original app so revenue obtained through ad platforms gets diverted from the original developer to the individual who plagiarizes their work," Bitdefender's Loredana Botezatu wrote. "Other modifications add extra advertising modules to collect more data from the user than the initial developer planned. Moreover, if a developer only collects UDIDs and e-mail addresses initially, a plagiarized application can be extended to place home-screen icons, spam the notification bar, and so on to maximize the hijacker’s revenue."