The apps show up in keyword searches (in Japanese) for adult videos and pornography
“Typically, the apps only require the user to accept the ‘Network communication’ permission, although some variants do not require the user to accept any permissions,” Symantec said in a blog post. “This is because the app is simply used as a vehicle to lure users to the scam by opening fraudulent porn sites. The app itself has no other functionality. This may fool users into feeling safe about the app and catch them off guard when launching the app.”
Update: Symantec alerted Google to its findings before posting to its blog and has just informed TabTimes that Google has removed the apps in question as well as suspended the accounts of 50 developers involved in posting the apps.
“We notified Google of the specific apps we identified. They have since been removed and the developers’ accounts suspended,” said Satnam Narang, Security Response Manager at Symantec. “Google deserves some credit here too. They had already identified and removed some of the apps before we contacted them.”
But Narang added the problem isn’t likely to go away anytime soon.
“We expect the folks running this stuff to continue as the cash keeps flowing their way,” he said. “We see the same thing in social networks where scams are identified but they keep coming back.”
While Google has done a lot to improve the security of apps in Google Play, including extensive screening for malware, publishing apps there is a more “open” process versus Apple’s App Store that requires a far more stringent approval process.