Research by the University of Sydney and CSIRO's Data61 has found thousands of dangerous applications hiding in plain sight in the Google Play Store, tricking users by imitating popular applications. The study used artificial intelligence to identify counterfeits, then tested them for malware and other vulnerabilities.
The study used a neural network to examine both the design of icons and the wording of descriptions, reviewing 1.2 million applications to identify potential counterfeits of the top 10,000 applications. Within a set of 49,608 applications that showed high similarity to one of the top 10,000 popular applications in the Google Play Store, it found around 2,040 potential counterfeits containing malware.
The research also found 1,565 potential counterfeits that request at least five more dangerous permissions than the original applications, and 1,407 potential counterfeits that include at least five extra third-party advertisement libraries.
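The permission comparison described above can be reproduced as a triage check. The following is an added example, not code from the study: it compares the dangerous permissions in two decoded AndroidManifest.xml files and applies the five-permission threshold. The package names, the helper names and the sample manifests are constructed, and the permission list is a partial set of Android's runtime permissions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Partial list of Android runtime ("dangerous") permissions, enough for this example.
DANGEROUS = {"android.permission." + p for p in (
    "READ_CALENDAR", "WRITE_CALENDAR", "CAMERA", "READ_CONTACTS", "WRITE_CONTACTS",
    "GET_ACCOUNTS", "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "RECORD_AUDIO",
    "READ_PHONE_STATE", "CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG", "SEND_SMS",
    "RECEIVE_SMS", "READ_SMS", "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE")}
THRESHOLD = 5  # the study's cut-off: at least five additional dangerous permissions

def dangerous_permissions(manifest_xml):
    """Return the dangerous permissions requested in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                requested.add(name.strip())
    return requested & DANGEROUS

def extra_dangerous(original_xml, candidate_xml):
    """Dangerous permissions the look-alike requests that the original does not."""
    return sorted(dangerous_permissions(candidate_xml) - dangerous_permissions(original_xml))

def is_suspicious(original_xml, candidate_xml, threshold=THRESHOLD):
    """True when the look-alike meets the extra-permission threshold."""
    return len(extra_dangerous(original_xml, candidate_xml)) >= threshold

def build_manifest(package, permissions):
    """Build a constructed sample manifest (hypothetical helper for the demo data)."""
    rows = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, rows))

# Constructed sample data: package names are placeholders, not real apps.
ORIGINAL = build_manifest("com.example.photoapp", ["INTERNET", "CAMERA"])
LOOKALIKE = build_manifest("com.example.photoapp.free", [
    "INTERNET", "CAMERA", "READ_SMS", "SEND_SMS", "READ_CONTACTS",
    "RECORD_AUDIO", "ACCESS_FINE_LOCATION", "READ_CALL_LOG"])
NEAR_CLONE = build_manifest("com.example.photoapp.lite", [
    "INTERNET", "CAMERA", "READ_CONTACTS", "RECORD_AUDIO"])

if __name__ == "__main__":
    print(extra_dangerous(ORIGINAL, LOOKALIKE), is_suspicious(ORIGINAL, LOOKALIKE))
    print(extra_dangerous(ORIGINAL, NEAR_CLONE), is_suspicious(ORIGINAL, NEAR_CLONE))
```

A look-alike that stays under the threshold, like the second sample, is not cleared by this check; the count is one signal alongside icon similarity, malware scanning and embedded advertisement libraries.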
Using pre-trained AI algorithms to evaluate style and content outperforms many baseline image retrieval methods at detecting visually similar application icons. On the large dataset of more than 1.2 million application icons, the study's methods achieve 8%-12% higher precision than the alternatives.
"Many counterfeits can be identified once installed," explained the authors of the study, "however even a tech-savvy user may struggle to detect them before installation." Hence the idea to try the "novel approach of combining content embeddings and style embeddings generated from pre-trained convolutional neural networks to detect counterfeit apps."
The study found that the 2,040 most dangerous counterfeits were flagged as malware by at least five commercial antivirus tools. Encouragingly, 6-10 months after the apps were discovered, 27%-46% of the potential counterfeits that were identified were no longer available in the Google Play Store, possibly because they had been removed following customer complaints.
Smartphone users also cannot claim that they have not been warned about this issue. Both Google and Apple continue to fight to keep their ecosystems secure, and on Android, Google Play Protect has been designed to guard against these types of threats. Google also stated that in 2018 it introduced a series of new policies to protect users from new abusive trends, detected and removed malicious developers faster, and stopped more malicious applications from entering the Google Play Store than ever before. The number of rejected application submissions increased by more than 55%, and application suspensions increased by more than 66%.
The use of artificial intelligence to moderate content and promote internet safety has been catapulted into the news by social media's woes in the last year. Projects such as Google's Jigsaw are a sign of the great things to come. This study is just the start of applying the same thinking to a different realm, but one that struggles with the same issues of scale and user naivety.
At the end of the day, there is no substitute for treating applications from unknown sources as potential threats. This means users must check carefully and not click casually. We carry all of the most valuable and private information that we have on our phones, and we give our phones access to the cloud storage where we store the rest. It is worth remembering that we live and work on our phones, and we must not invite strangers into our virtual homes.