Google Banned App: Google bans 151 Plus SMS apps – How the apps worked, scammed Android users, and more

Google recently removed 151 SMS apps from its Play Store. These apps are hidden in popular keyboard, camera filters and other utility apps. Part of the UltimaSMS campaign, these apps sign users for expensive premium SMS services. The scam apps have been discovered by cyber security company Avast, 82 of these were found on Play Store. The Avast report says that these apps were downloaded more than 10.5 million times worldwide, and were nearly identical in structure and functionality. Here’s how these apps work, steal users’ money and other details.

18

These apps are hidden in photo editor, camera filter, games and other apps

If you think that these apps are found as SMS apps, then you got it wrong. These fraud apps are from a wide range of categories such as custom keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters and games, among others. Many of these apps are also advertised on Instagram and TikTok.

GadgetsNow

28

All apps are largely identical in structure

The apps discovered are identical in structure, meaning that the same base app structure is repurposed numerous times. These copies are disguised as genuine apps through well constructed app profiles on the Google Play Store. On closer inspection, they have generic privacy policy statements and feature basic developer profiles including generic email addresses.

GadgetsNow

38

Secretly accessed Android user’s data including location and phone’s IMEI number

When a user installs one of these 151 apps, the app checks their location, International Mobile Equipment Identity (IMEI), and phone number. This information is then used to determine which country, area code and language to use these details to dupe the user

GadgetsNow

48

Stole user’s mobile number and email address to gain access to their phone

As a user opens the downloaded app, a screen prompts them to enter their phone number, and in some cases, email address to gain access to the app’s advertised purpose.

GadgetsNow

58

These apps subscribe users to premium SMS service without their consent/knowledge

Upon entering the requested details, the user is automatically subscribed to premium SMS services. Cost of these services can go as high as $40 (approx. Rs 3,000) per month depending on the country and mobile carrier.

GadgetsNow

68

Affected user may or may not get notification about these charges

While some of the apps include fine print and may reflect in the final phone bill, others may not even do so. This means that many people who submitted their phone numbers into the apps might not even realize that money is being deducted from their linked financial accounts.

GadgetsNow

78

Users keep getting charged for the subscription even after they uninstall the app

Once subscribed, the premium SMS services will keep charging money from users’ account. Uninstalling the app may not help as the charges continue to be deducted.

GadgetsNow

88

These scam SMS apps have duped users in over 80 countries

As per Avast, these apps have been downloaded most by users in the UAE, Egypt, Saudi Arabia, Pakistan, the US and Poland. There are chances that some users in India too may have downloaded them.