Proceed with caution: How to spot a fake in the Play Store.

Pedro_P

Google has proudly reported that it once again banned a number of malicious or misleading apps from the Play Store last year. But they’re still a long way away from providing a quality defense against malware. The search for the right app in the Play Store is still a matter of intensive research and having the right information. In this article we’ll try to define some basic principles that should help guide you along in your app research.
The Play Store has become an ugly place. It was once considered a place where you could find answers. Does your phone need a new feature? Okay, just go to the Play Store, try out some apps and you’ll be able to solve the initial problem. Now it’s not so easy. Crooks can falsify positive ratings, buy themselves a high ranking and sometimes copy other apps that are actually good.
As the operator of the Play Store, Google for the most part still relies on purely atuomated forms of quality assurance. Algorithms analyze new apps and updates of known code fragments or behavioral patterns, much like a virus scanner does in Windows computers. If an automatic alarm is signaled, the app will likely be sent back to the developer.
The system ensures that 99 percent of all malicious apps don’t reach users via the Play Store, or that’s at least what Google states  in its latest blog post. The algorithms have become a bit smarter thanks to machine  learning. At this point, the algorithms are able to detect fake identities, inappropriate content and new types of malware.
Creators of malware are better organized
In 2017 examples such as SonicSpy showed that malware creators and networksare literally bombarding the Play Store with malware. Google now wants to address these interrelationships. The report goes on to say that Google recognizes “repeat offenders and abusive developer networks" and has already banned 100,000, which has made it more complicated to create a new developer account.
But how do I recognize bad apps?
Flashlight apps are obsolete
Certain apps and games are particularly vulnerable to abuse. Flashlight apps in particular have benefited from users’ careless habits. Usually users are informed of the app’s permissions before installation, although since 2015 they are sometimes only informed once they've started using it. A few months ago there were a large number of flashlight apps that also wanted to be able to send an SMS. Enough users accepted this obviously fraudulent permission and got caught in a trap. The flashlight app could then send premium SMS messages and earn money for the app developers.

Certain app categories are particularly susceptible to fraud. / © AndroidPIT
At the same time, most flashlight apps actually only have camera permission. This makes sense because the LED connected to the camera is controlled via the camera permission. However, not all users know that a flashlight app has already been given to them. It’s probably already in your smartphone’s Quick Settings. Just pull your finger down from the top of the screen and look for the small flashlight silhouette.

The flashlight is already integrated in the Quick Settings of most Android smartphones, which makes these apps unnecessary. / © AndroidPIT
If you install a flashlight app anyway, it will probably interrupt its actual function with several commercial breaks. Advertising in apps is tolerable to a certain extent, but the added value that the app provides must be commensurate with the number of advertising interruptions. With such a superfluous app, there is no reason to tolerate advertising.

Source