Normally, when it comes to scams, there is clearly a bad party and it's usually the grifter. However, a new scam uncovered by security researchers at ESET lands squarely in the everyone is probably wrong zone.

The scam involves a series of 28 apps dubbed "CallPhantom" by ESET that racked up more than 7.3 million downloads on the Google Play Store. The various apps promised to give users access to call histories, SMS records and even WhatsApp call logs for any phone number.

To gain access to this creepy information, users had to pay a subscription fee. Unfortunately for them, but perhaps fortunately for the people whose phone numbers they entered, these CallPhantom apps only sent back fake data.

The ESET researchers found that the apps used different methods to fake the "information." The apps would generate random phone numbers and match them with fixed names, call times and durations.

Some of the apps demanded users' email addresses where the fake call history would supposedly be sent. However, no "data" would be sent until after payment.

Surprisingly, none of the apps requested intrusive permissions on the scammed individual's phone.

Payments to the apps were split up as well. Some relied on the Google Play Store's official billing system, which is required for apps that offer in-app purchases. Some utilized third-party payments or had payment card checkout forms that side-stepped Google's policies though.

ESET says that it submitted its report about the CallPhantom apps to Google in December 2025, and all of the apps in question have since been removed. Browsing the Play Store today, we were unable to find any evidence of these apps.

How to stay safe from malicious apps

Look, obviously, no one deserves to be scammed. That said, when you go looking for sketchy apps that promise to enable behavior next door to stalking, you are more likely to find programs built to grift.

So... don't do that.

Per ESET, the apps in the research were mainly targeted at people in India and the Asia-Pacific regions.

Still, if you've been scammed, there is recourse for refunds in the Play Store app. Google lays out the process on its Cancel, pause, change subscription page.

Beyond that, for any app be sure to check the reviews beyond the glowing 5 Stars at the top of the page.

Only download apps from reputable publishers, always apply security updates and avoid downloading any non-essential apps. Be sure to reject and disable accessibility permissions too. Of course, enable Google Play Protect as well as this built-in security tool scans all of your existing apps and any new ones you download for malware and other threats.

CallPhantom doesn't appear to have introduced malware or viruses, but you should still protect your smartphone with one of the best Android antivirus apps.

Apps can do real damage, especially those with malicious intentions. It's why we recommend limiting the number of apps you have installed overall. And perhaps, don't try to find out who other people are calling using a shady app making dubious promises.

More from Tom's Guide

• 'Not happening! Y'all are wild': Google shoots down rumors Android will copy the iPhone's Liquid Glass design
• How to turn on Android’s anti-theft protection features and secure your phone
• I tried Android 17 and these are the 5 new changes worth paying attention to

Earlier this year, Google announced plans to make sideloading apps significantly harder to do on the best Android phones. However, many Android owners did not welcome this controversial move.

Now though, fans of sideloading apps might want to reconsider thanks to a new malware strain that can bypass encrypted chats in apps like WhatsApp and Signal and targets financial apps. This new banking trojan, dubbed Sturnus, originates in malicious APKs.

Researchers from MTI Security first discovered Sturnus (via ThreatFabric) and noted it can bypass some security measures by gaining high-level access to the contents of your screen which allows it to view those encrypted chats you thought were safe from prying eyes.

The malware can also recreate banking screens using overlay attacks to phish your login credentials and launch device-level attacks. This means that cybercriminals could remotely control take over your device. Likewise, it can also create fake Android updates to hide its activity.

How Sturnus works

According to ThreatFabric, Sturnus has been used in attacks in both Southern and Central Europe, which the cybersecurity firm claim suggests preparations for a "broader campaign."

The malware apparently uses a "chaotic mix" of plaintext, RSA and AES communications that it switches unpredictably between while sending out simple and complex messages.

According to the researchers, they suspect the malware may be transmitted via rogue attachments in messaging apps. It propagates by disguising itself as fake versions of Google Chrome and other popular apps. From there, it then gains Admin rights on the phone which enables the malware to prevent itself from being uninstalled and locking the device.

While Sturnus is designed to get around encrypted conversations, it sends stolen data back to hacker-controlled servers using an encrypted 256-bit AES key.

Sturnus appears to be in its "pre-development" stages, but the researches say it could be used as for advanced attacks right now. Unfortunately, given how dangerous it ism the only way to prevent it at the moment is to avoid downloading APK files online to sideload Android apps.

A Google spokesperson told Android Authority that according to their detection programs, there are no malicious apps in the which Play Store contain Sturnus.

How to stay safe from Android malware

First of all, to avoid falling victim to Sturnus and other Android malware strains, you shouldn't sideload apps on your devices.

Doing so puts you at serious risk of being plagued by malware, adware, spyware and other threats. Apps found in unofficial third-party app stores or downloaded as APK files don't go through the same rigorous security checks as they would on the Google Play Store or other first-party stores like the Samsung Galaxy Store.

Beyond not sideloading apps, you also want to make sure that Google Play Protect is enabled on your Android smartphone or tablet. This pre-installed security app scans all of your existing apps and any new ones you download for malware and other threats. However, you should also consider running one of the best Android antivirus apps alongside it for extra protection.

Malicious apps are one the easiest ways for hackers and other cybercriminals to establish a foothold on your devices. So it's up to you to carefully vet every app you install. Sticking to official, first-party app stores and limiting the number of apps installed on your phone should keep you relatively safe from Sturnus and other malware strains too.

More from Tom's Guide

• These 12 malicious Android apps are recording your conversations — delete them right now
• Best Android apps — free and paid
• Dogs and cats living together! Google announces Android Quick Share now works with AirDrop

You can never be too safe when installing a new app on one of the best Android phones as hackers and other cybercriminals continue to use malicious apps in their attacks.

According to a new report from the cloud security company ZScaler, there were more than 40 million downloads of malicious apps on the Google Play Store between June 2024 and May 2025. Though the majority of these apps are no longer available through the app store, the company found 239 applications that it was able to identify as malicious, up from 200 the previous year.

This represents a 67% growth in malware that specifically targets mobile devices, and much of it is spyware and banking trojans; banking malware specifically has grown over the past three years and reached 4.89 million transactions in 2025. The report from Zscaler identifies that much of the mobile malware has shifted to a social engineering approach because of the increased adoption of mobile payments, as well as the improved security around payments due to the roll out of chip and PIN technology.

The telemetry data collected for the report shows a shift from more traditional card fraud to methods that exploit mobile payments. Examples given involve social engineering, like phishing, smishing, SIM swapping or payment scams. Zscaler researchers have stated that cybercriminals and threat actors need to use phishing, trojans and malicious apps in order to steal financial information and log in credentials in order to carry out the attacks involved in the apps they discovered.

How to stay safe from malicious downloads

In order to avoid malicious downloads, you should only get new apps from reputable publishers or app stores, always apply security updates, avoid downloading non-essential apps and reject and disable accessibility permissions. Likewise, you always want to keep your operating system up-to-date and enable Google Play Protect as well.

From there, limit app permissions to only what is necessary and watch for any unusual behaviors after your install apps that you're not sure about. Signs that your device may have become compromised include unusual battery drain, unexplained data usage, or persistent background activity you cannot explain.

Your device should also be protected by one of the best Android antivirus apps, which will help you detect malware with real-time scans. These programs also offer additional features, like VPNs and scam alerts, that can help protect your privacy and keep you safe online.

Just because a group of malicious apps came out a long time ago doesn't mean they aren't still doing damage in the real world. This is why I always recommend limiting the number of apps you have installed overall. That way, if one is malicious or it goes bad over time, it will be a lot easier to find.

More from Tom's Guide

• Dangerous new Android trojan is taking over phones and draining bank accounts — how to stay safe
• These 12 malicious Android apps are recording your conversations — delete them right now
• Hackers can use prompt injection attacks to hijack your AI chats — here's how to avoid this serious security flaw

It’s the time of year when spooks and scares are the focus, and few things can get people in the scary mood like a good horror game — especially when it's right there in the palm of your hand. You can find some great horror games to play on the best phones, and many of them won’t cost you a thing.

I've been working my way through Google's Play Store and Apple's App Store to find some of the best horror games that you can play this Halloween and beyond.

If you want the best overall experience, make sure to grab one of the best mobile gaming controllers. There’s nothing that quite takes away from the fear factor like your thumb covering up the zombie's face, and a mobile controller can make you less reliant on those on-screen buttons.

So let’s dim the lights and jump into the scares with the seven best horror games you can play on your phone right now.

Alien: Isolation

If there’s a franchise that screams horror, it has to be Alien, but I don’t think the games have always had that in mind. For years, we didn’t have access to any really good Alien-based horror games, but that all changed back in 2014 with the release of Alien: Isolation. With a genuinely tense atmosphere and an Xenomorph that’s smart enough to hunt you, you’ll be on the edge of your seat throughout the 18- to 20-hour campaign.

You can play the two missions of the game for free on both iPhone and Android, with the option to purchase the full game later for $15.

Download Alien: Isolation: App Store; Play Store

Baby In Yellow

From Xenomorphs to demon babies, this horror train doesn’t stop rolling. I wouldn't be surprised if you’ve not heard of Baby in Yellow, but let's remedy that now.

What starts as a very simple babysitting job soon devolves into a Lovecraftian nightmare as you are hunted by one very possessed baby. With a mix of some genuinely unpleasant level design and a relatively simple premise, this one will have you both scared and laughing at once.

Baby in Yellow is free to play on both the App Store and Google Play Store, but there are a fair few ads.

Download Baby in Yellow: App Store; Play Store

Granny

Granny is a very strange game initially. While not the most graphically appealing game in the world, that ultimately works in its favor to create a suspenseful and unsettling experience.

It’s up to you to escape from a house within five days, while avoiding the antagonistic granny. The game manages to build tension through stealth and sound, and I honestly found myself holding my breath at times.

Granny is free to play, with several difficulty options depending on how careful you want to be.

Download Granny: App Store; Play Store

Limbo

If you want a game that’s both unsettling and incredibly depressing, then Limbo is the one for you. This 2D sidescroller has you controlling a child running through a world of shadows while hunting for an escape. At a glance, the gameplay isn't all that complicated, but Limbo creates a sense of immersion and ambience that makes it a must play for horror fans.

Limbo is available on both the App Store and Google Play Store for $3.99

Download Limbo: App Store; Play Store

Resident Evil 2

When it comes to shooting zombies, there are few titles as well known as Resident Evil. One of my favorites in the series has to be the Resident Evil 2 remake, which plays much better than you would expect on phones. The mobile game takes the tension of the original and reinvents it with updated graphics and a more streamlined control scheme. If you want to relive the horror of Racoon City, then this is one for you.

Unfortunately for Android users, Resident Evil 2 is only available on the App Store. But it is there for free, with some in-app purchases.

Download Resident Evil 2: App Store

Little Nightmares

Much like Limbo, Little Nightmares plays like an adventure set in a nightmare, where your only option is to avoid the monsters hunting you. The name isn't just a catchy title either, as the world you'll be exploring really is filled with the kind of horrifying creatures that only come out at night. It's not so much scary as it is unsettling, with some interesting puzzles and tense chase sequences thrown in.

Little Nightmares is available on both the App Store and Google Play Store for $7.99.

Download Little Nightmares: App Store; Play Store

Five Nights at Freddy’s

One of the core tropes when it comes to horror games is the classic jump scare, and few titles do that quite as well as the original Five Nights at Freddy's. The series is a household name these days, with a second movie on the way.

Still, if you’re looking for a great game to get some scares on your phone, the first Five Nights remains worth a look. It might be a bit dated graphically, but the sense of tension and the jump scares still work really well.

Five Nights at Freddy's is available on both the App Store and Google Play Store for $2.99.

Download Five Nights at Freddy's: App Store; Play Store

What are your favorite horror games?

More from Tom's Guide

• This is the one reason why I'm still avoiding foldable phones — and it isn't the price
• I've been using the iPhone 17 for a month — here's my pros and cons
• I ditched my decades-old wallet for this MagSafe Field Wallet, and I’m weirdly conflicted about it

UPDATE (10/14): Reports indicate that Google has now solved the issue with a server-side change. According to a report from Android Authority, Google classified the bug internally as an "incident" due to the issue's scale. This means that Google had multiple teams working to solve the fault, while also launching an investigation into what caused the problem.

Original story follows...

There are a few things worse than your phone’s apps suddenly crashing, but usually it's pretty easy to solve. However, it seems that certain users are experiencing a consistent issue with the Pixel 10 series phones.

The problem was detailed on a post on Reddit from user hootenanymessenger, who experienced the crashes on their Pixel 10 Pro. According to the post, the fault causes apps to suddenly freeze, followed by a pop-up that states the app “isn’t responding.” This was also showcased in a post on X from @ArtemR, which included screenshots of several different apps showing the pop-up.

Usually, when this happens, the solution is to restart the app or, failing that, clear the app's cache data. Sadly, according to users on Reddit, many of the old fixes don’t seem to solve this current issue.

Instead, the solution one user gave was to install the Android 16 October update, uninstall Google Play services and the Google Play Store updates, then update them again.

Please note that doing this will sign you out of your Google Account, so you will need to log back in to restore complete functionality. Alternatively, some users have reported that only clearing the Google Play Services data worked for them.

If you haven’t experienced the issue and haven’t updated your Google Play services to the latest build, then we’d recommend holding off for now. Thankfully, it's likely a software issue that's causing the problem, over a hardware fault. As such, Google should be able to solve it with a patch.

More from Tom's Guide

• I put the Google Pixel 10 Pro Fold vs. Samsung Galaxy Z Fold 7 through a 7-round face-off — here's the winner
• Google just revealed how Pixel 10 Pro beats Galaxy Z Fold 7 on durability
• Here's when Samsung Galaxy devices will get Android 16

Bad apps can be hiding in the place you least expect and that’s exactly what happened with 224 malicious apps that were recently removed from the Google Play Store following the discovery of a massive ad fraud campaign.

As reported by BleepingComputer, the campaign itself was discovered by Human’s Satori Threat Intelligence team which revealed in a new report that these apps had over 38 million downloads in total. However, it was the advanced tricks and obfuscation techniques they used to bypass Google’s defenses that really stood out.

Unlike previous ad fraud campaigns, this one spanned across the globe with users of the best Android phones downloading them from 228 countries, though they generated the most ad impressions in the U.S. (30%), India (10%) and Brazil (7%). Human’s security researchers have dubbed the campaign “SlopAds” as the malicious apps used in it had a mass produced look and feel, similar to online content created by AI image generators and other AI tools.

Here’s everything you need to know about this new ad fraud campaign including what to do if you did download one of the apps in question along with some tips and tricks to help keep your Android phone safe from adware apps.

From legitimate to malicious in an instant

In order to avoid being detected by Google’s app review process and Android’s built-in security software, the scammers behind this new ad fraud campaign went to great lengths.

For instance, if an Android user installed one of these so-called SlopAd apps directly through the Play Store of their own accord, the app would act as it normally would once installed. However, if they stumbled upon one of these apps after clicking through from the scammers’ various ad campaigns, the app would become malicious after installation.

Once the SlopAds app ran the necessary checks to see whether or not it was installed via the Play Store, it would then download an encrypted configuration file that contained links to the scammers’ ad fraud malware module, cashout servers and a JavaScript payload. From there, the app would run one final check to make sure it was installed on a legitimate Android user’s device and not being analyzed by a researcher or software before proceeding.

Now this is where things get interesting. These SlopAd apps would download four PNG images that look harmless at first glance. However, they actually use stenography to hide pieces of a malicious APK or installation file which is the driving force behind this ad fraud campaign.

After being downloaded, the images are decrypted and then reassembled on a targeted device to form the FatModule malware. Once activated, it uses hidden WebViews to collect device and browser information as well as to navigate to scammer-controlled domains which are used to cashout all of this fake ad revenue generated by these SlopAd apps.

The domains themselves impersonated videogame and news sites while continuously serving hidden WebView screens. This generated over two billion fraudulent ad impressions and clicks each day which brought in quite a lot of money for the scammers.

How to stay safe from ad fraud apps

Although Human’s Satori Threat Intelligence team hasn’t released the full list of these 224 SlopAd apps, they’ve all been taken down from the Google Play Store. Likewise, if you accidentally downloaded one, you don’t need to worry about tracking it down on your own. This is because Google has updated Android’s built-in security app Google Play Protect to warn users to uninstall any of these malicious apps that may be on their smartphones or tablets.

So besides stealing, what’s so dangerous about ad fraud and adware apps? Well, imagine if your phone was constantly loading random websites in the background throughout the day? Not only would this eat up your mobile data but it would also put unnecessary strain on your phone’s battery and other components. As such, you’d probably need to upgrade to a new device sooner rather than later if you had one of these SlopAd apps or a similar adware app installed.

I know this isn’t as pressing of a threat as your typical Android malware infection, but it’s still something you need to be aware of and look out for. Even though we’re not dealing with an infostealer or other dangerous malware here, you can see above how those who chose to sideload these apps were much more at risk than others who downloaded them from an official Android app store, in this case, the Play Store itself.

If you are worried about malware and other viruses ending up on your phone or tablet, then you might want to consider running one of the best Android antivirus apps alongside Google Play Protect. Likewise, if you want the ultimate protection from hackers, scammers and even identity thieves, then the best identity theft protection services are what you’re after. They’re more expensive but a big reason for this is that they include identity theft insurance which can range from anywhere from $1 million to $2 million. This money can be used to cover legal expenses, to get new documents and to compensate you for any funds lost to fraud.

Given how much money a major ad fraud scheme like this one can generate for scammers and other cybercriminals, this likely isn’t the last one we’ll see. In fact, due to the sophistication of this SlopAds campaign, the security researchers who uncovered it believe that the scammers behind this one we’ll likely try something very similar quite soon. So be on the lookout and as always, be careful what you download.

More from Tom's Guide

• Hackers are using Google search results to spread fake apps filled with malware — don't fall for this
• I found a phishing email in my inbox and a malicious app in my news feed — here’s how I knew they were scams
• Fake Meta suspension warnings used in new malware campaign — how to protect your devices and your data

The Tor Project, famous for its anonymous, onion-based network, has launched its own VPN.

It has been released on the Google Play Store and is currently in beta. Right now, it can't match the best VPNs in terms of features, but the Android VPN app can send user's traffic through the Tor Network and has a focus on navigating censorship.

The app's description says early-adopters should expect bugs and it isn't yet ready for "high-risk" users.

The Tor Project has released an official VPN app that allows Android users to route all their traffic through the Tor networkplay.google.com/store/apps/d...

— @campuscodi.risky.biz (@campuscodi.risky.biz.bsky.social) 2025-09-11T15:31:49.440Z

An experimental VPN

The launch of this app marks the Tor Project's first steps into the world of VPNs. Tor VPN Beta is still in an "experimental" phase and its Play Store description says the app "is for users who want to help shape the future of mobile privacy."

Despite being in beta, there are some useful VPN features. Your IP address and location is hidden from the apps and services you use, as well as anyone monitoring your connection and traffic.

The Tor Project doesn't say what type of encryption it uses to protect your data – if any.

A form of split tunneling is available, where you can select which of your apps to route through the Tor Network. Tor says each app has its own "circuit and exit IP." This means your online activity is separated and no third-party can make connections between it.

These circuits appear to run your traffic through five nodes, in the same way you'd access the Tor Network. Your data leaves an entry node, and passes through three nodes, and then connects to the internet via an exit node.

With the Tor Network, each node is operated by a volunteer and no one node can see the whole route of your internet traffic. An example VPN circuit is displayed, showing data travelling from Firefox to a node in France, then Germany, then Brazil, before connecting to the internet.

The beta uses what Tor calls "bridges" to enable continued access to the Tor Network in places where it's blocked.

There appear to be two bridges built into the app. The first, obfs4, disguises your traffic as random data. Snowflake is the second bridge and this disguises your traffic as a video call.

New bridges can be added and they can also be requested from the Tor Project.

Bridges are an effective way of navigating internet censorship and maintaining access to a free and open internet.

Tor VPN is built on Arti, "Tor's next-generation Rust implementation." The provider says Arti "means safer memory handling, modern code architecture, and a stronger security foundation than legacy C-Tor tools."

Expect limitations

The Tor Project makes it clear that this release is "intended for testing and feedback." It says the app is "not suitable for high-risk users or sensitive use-cases" but "is for early adopters who want to help shape mobile privacy and can do so safely."

You'll likely encounter bugs and the developers have encouraged users to report any findings to the team and share feedback. They called for testers to "bring the app to its limits."

Beta testers can report any issues via the Tor VPN GitHub page, where the app's open source code is also visible. The page shows the app was first created on January 28, 2022, so has been in development for a number of years.

The Tor VPN Beta Google Play Store listing states no user data is collected and no data is shared with third-parties.

Despite this, the Tor Project warned the beta may still leak information and "some Android platform data can still identify your device." It says no VPN can completely prevent this and those facing "extreme surveillance risks" shouldn't access the beta.

The Tor VPN app is still in its infancy and we look forward to following its developments.

We test and review VPN services in the context of legal recreational uses. For example:1. Accessing a service from another country (subject to the terms and conditions of that service).2. Protecting your online security and strengthening your online privacy when abroad.We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

More from Tom's Guide

• Over 1 Million Hit In Farmers Insurance Data Breach — Names, Addresses, Partial SSNs And More Exposed
• Dangerous Android banking trojan found lurking in malicious apps with 19 million installs — don’t fall for this
• Macs under attack from dangerous new info-stealing malware — how to stay safe

Google Play Store will now show warnings on Wear OS watch face listings that could be potential battery eaters. These include ones with constant phone interactions and lots of animations.

The feature comes courtesy of the latest Play Store version 47.7 update (via Android Authority). It will show warning messages on the watch face apps available for Wear OS.

"With this update, you can now find warning messages on detail pages for watch face apps that drain battery," the update reads.

Like wallpapers, some watch faces are heavier lifts than others, with efficient designs, especially those featuring more animations, live data, or constantly updating your phone. Those features can be big drains on your battery.

Up to now, other than careful reading or experimentation, there was no clear way to know whether or not you were downloading a vampire. The new update gives you a way to know and make smarter choices while seeking out flashy new watch faces.

I have a Galaxy Watch Ultra that I like, which is running Wear OS 6. The update wasn't available yet for my watch.

Google rollouts can take a few days to hit most people. So, if you're also not seeing watch face warnings, give it a day or two for the update to hit your phone or watch.

Still, once it does go live, it's a welcome feature that will help maintain battery life on your smart watch.

More from Tom's Guide

• I checked out the Pixel 10, Pixel 10 Pro, and Pixel 10 Pro XL — here’s the one I recommend
• I tested Waze vs. Google Maps for a weekend trip — and there's a clear winner
• Google is tracking you right now — change these 3 settings to stop it

Whether it's making too-good-to-be-true promises, collecting your data, or having apps filled with ads and trackers, suspicious free VPNs are bad news.

But we can now add stealing VPN servers to the growing lists of reasons to avoid.

The suspect in question, Jet VPN, appears to have been caught stealing Windscribe's servers to host its own VPN.

The VPN has thousands of five star reviews and claims to be "100% private and secure."

Windscribe found out about Jet VPN's actions almost by accident and subsequently banned the stolen accounts it was using. Jet VPN reportedly then turned its attention to stealing from Private Internet Access.

The damage and impact to Windscribe appears to be low. But this is a concerning series of events and highlights how only the best VPNs can be trusted.

Major problem but minimal damage

Taking place at the end of July 2025, Windscribe's discovery started with another suspicious VPN, Hizen VPN.

The app has zero reputation, no social media presence, and a sketchy website. Despite this, Hizen VPN was the sixth most popular free app on the Google Play Store (at the time of the incident) and Windscribe wanted to investigate. It found the app was filled with ads and rarely worked.

When checking on Hizen VPN a week later, Windscribe saw Jet VPN sitting at #8 on the Google Play Free Apps charts. Like Hizen VPN, Jet VPN has no reputation, no social media, and an even more basic website – seemingly only two pages.

On a hunch, Windscribe connected to a Jet VPN server to examine its VPN IP address. Windscribe were shocked to find Jet VPN was using – or rather stealing – Windscribe's servers.

This was now a much bigger issue than exposing a suspicious VPN. Windscribe worked out Jet VPN was using a stolen Windscribe account and its authentication to access its servers and offer connections.

That account was quickly banned. Jet VPN then reportedly stole a second account and which was subsequently banned too. Windscribe has reported that Jet VPN then switched to leeching off Private Internet Access' servers.

Private Internet Access said: "PIA is well known as one of the most transparent and open VPNs on the market today."

"We have a strong brand, and high customer satisfaction. One of the reasons for that satisfaction is our unlimited devices offering."

"We are aware that a third party took advantage of this policy and, in line with our Terms of Service, we closed the offending accounts promptly."

Thankfully, there was minimal damage to Windscribe's service or infrastructure. Windscribe claimed its servers were only being used for a few days and Jet VPN's user base was under 100.

Windscribe has said it is adding more mitigations to protect against this happening again but added that automated checks to stop moves like this were not that simple. It added that the minimal usage meant no major red flags were triggered but it will continue to monitor its servers.

Reviews continue to pour in

In the days following Windscribe's discovery, positive reviews of Jet VPN continued to pour in and it rose to #5 on Google Play's free apps list. Windscribe noted almost 500 reviews coming in one night.

Windscribe discovered that it was previously a picture frame app and had likely been bought or repurposed into a VPN app.

Since Windscribe's announcement there have been a string of one star reviews warning users not to download Jet VPN.

Windscribe said it contacted Jet VPN's developers, who denied it used Windscribe servers. Windscribe responded by saying it must have been a "total coincidence" that once the accounts were banned the "whole app went down."

Tom's Guide reached out to Jet VPN's developers who provided the following comments:

"Earlier this year we were given access to certain VPN servers by a third party who presented themselves as a legitimate white-label VPN provider."

"At the time, we were unaware that these servers were associated with Windscribe and that there was no authorisation for us to use them."

"As soon as we were informed about the issue, we immediately removed all such servers from our app and released an update to ensure there is no further use of any Windscribe infrastructure. We have now fully migrated to self-hosted VPS servers that we manage ourselves."

"There was never any intention to misuse Windscribe’s resources or deceive users. This was an unfortunate misunderstanding, and we acted promptly to resolve it as soon as we became aware."

However, as of Monday August 18, Jet VPN appeared to have been removed from the Google Play Store.

Google confirmed that both Jet VPN and Hizen VPN are no longer available on the Play Store.

A Google spokesperson said: "If we find that an app has violated our policies, we take appropriate action."

Suspect free VPNs have spiked in popularity, especially in the UK thanks to the Online Safety Act and Windscribe has said it will continue to keep an eye out for them.

This incident raises questions for Google Play's verification processes. In January it announced the introduction of a verified badge for VPN apps that have undergone security assessments.

Jet VPN hasn't been awarded one of these badges but we would like to see more diligence from Google when it comes to VPN apps that feature in the top charts.

We test and review VPN services in the context of legal recreational uses. For example:1. Accessing a service from another country (subject to the terms and conditions of that service).2. Protecting your online security and strengthening your online privacy when abroad.We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

More from Tom's Guide

• Google Pixel 10 pricing just leaked — here's the cost of every model
• The iPhone Fold doesn't need to be groundbreaking to beat every other foldable phone — it just needs to work
• Samsung just announced early Galaxy S25 FE launch — confirms new tri-fold and XR headset are coming this year

If you’ve recently downloaded a crypto app from the Google Play Store, you should probably check this list from Cyble Research and Intelligence Labs (CRIL) just to be safe

Cybersecurity researchers at CRIL recently found 20 malicious apps managed to infiltrate the Play Store in order to trick users by appearing to be legitimate wallet apps providing crypto services.

PC Mag reports that the apps have since been removed from the Play Store, however, some of them were downloaded hundreds of thousands of times which many people could be at risk from having their digital funds drained by threat actors.

Delete these apps right now

Here is the full list of malicious apps found stealing cryptocurrency on the Play Store:

• Pancake Swap
• Suiet Wallet
• Hyperliquid
• Raydium
• Hyperliquid
• Bullx Crpto
• OpenOcean Exchange
• Suiet Wallet
• Meteora Exchange
• Harvest Finance Blog

While there are 20 malicious apps in this list overall, many of them use the same app name but have different package names. Regardless though, you're going to want to delete any app with one of the names listed above even if they have different developers.

How to stay safe and what to do next

These fake apps will remain on a device until they are manually removed so the first step to ensuring that you are safe is to check and see if you have downloaded any of them by mistake.

The threat actors created multiple fake apps for services like SushiSwap, Harvest Finance blog, Meteora Exchange, OpenOcean Exchange, Pancake Swap, Raydium, Bulix Crypto, Hyperliquid and Suiet Wallet.

Users who installed the malicious apps were redirected to a URL that asked for the 12-word recovery phrase that is connected to their official crypto currency wallets. Using this phrase, a threat actor could remove the funds from these wallets.

The attackers who developed these fake apps used developer accounts on the Play Store that were already established as legitimate and that had other non-malicious, clean apps on offer like Android games. This added legitimacy to the operation and was likely how they managed to slip past Google's defenses in the first place.

Those who have been infected should find an alternate way to access the crypto wallet without using the fake app, then changing their access information and report the potentially malicious access directly to their crypto service. If you are still concerned, you can also remove your funds from the account and put them in an alternative service.

In order to stay safe from malicious apps, you want to make sure that Google Play Protect is enabled on your smartphone. This free app comes pre-installed on all of the best Android phones and it can scan your existing apps as well as any new ones you download for malware. For extra protection though, you might also want to run one of the best Android antivirus apps alongside it.

There's loads of money to be made from crypto for cybercriminals and fake apps are one of the easiest ways for them to gain a foothold on your smartphone. This is why you want to be extra careful when downloading new apps, though you also should limit the number of apps you have overall as even good apps can go bad.

More from Tom's Guide

• 5 Android settings you need to turn off right now because they’re a huge security risk
• More than 4 billion user records exposed in biggest data leak ever — everything you need to know
• New AT&T data leak links previously exposed info to Social Security numbers, birth dates

Google is looking to introduce new ways to help prevent users from accidentally buying apps through its one-touch system on the Play Store.

The company had previously confirmed that it was planning on implementing a swipe gesture over the current tap-to-buy button, but we didn’t have a set release date. However, it appears that the rollout has now begun, as a recent post from Telegram user @Adamzampahere has shown off the feature for version 45.8.21-31 of the Play Store.

In the shared screenshots (via Android Authority), you can see the new option in effect. When you select an app or subscription service, you will need to hold and swipe to confirm the purchase, before other verification measures presumably take place like usual.

Unfortunately, my Galaxy S25 doesn’t currently have the option just yet, so I haven't been able to try it myself. However, at a glance, it does look like it would help to mitigate the chances of accidentally purchasing an app.

Even with this new Play Store purchase gesture, I’d still recommend having biometric verification activated as well, for the best possible security. You can check if biometric verification in the Settings tab, but we have a full rundown of how to activate biometric verification for Google Play if you get stuck.

Better protection, but you still need to be aware of risks

Google making it slightly harder to accidentally download apps is a great step, especially with the number of malicious apps that can appear on the Play Store. For instance, Google announced that it had removed 2.3 million potentially risky apps from the service, but there are undoubtedly more hidden in the virtual crowds.

However, all the verification steps in the world won’t help if you don’t know how to spot malicious apps. This can be complicated, but there are a couple of things you can look out for. For instance, check the developer profile to see what kind of apps they’re been creating, as well as checking the quality of the reviews for the app.

Hopefully, this new feature comes to global devices quickly so that you and I can start downloading some of the best Android apps onto our devices with full intent soon.

More from Tom's Guide

• Samsung Galaxy S25 Edge could arrive before the end of May — what we know
• iPhone 17 dummies show just how thin the Air is
• I have concerns about iPhone 17 Air’s design — and Pixel 9a is why

212 VPN apps on the Google Play Store have been targeted by Russian internet regulator Roskomnadzor, as the country continues its censorship drive.

Between March 12 and April 1 2025, 214 App Takedown Requests were issued. These affected some of the best VPNs and represented over 90% of all takedown requests sent to Google during the period.

But Google appears to be resisting Russia's demands, with only 6 of the 212 VPN apps targeted unavailable on the Google Play Store.

47 requests were sent on March 12, which prompted the anti-censorship organization, GreatFire, to investigate.

GreatFire's App Censorship Project analyzed a total of 399 VPN apps, and 346 (87%) remain available on the Russian Google Play Store.

Google is largely standing firm in the face of Russian censorship. But we'd argue it shouldn't be complying with any removal requests that further state censorship.

Despite 87% remaining available, the fact 13% of VPNs have been removed is disappointing.

53 VPNs unavailable

53 of the 399 VPN apps tested were unavailable on the Russian Google Play Store.

Of the six unavailable apps from the targeted 212, two have been unavailable since at least 2023, one since mid-2024, with the status of the remaining three unclear.

Another six targeted VPNs disappeared from the Play Store globally. The time and reasons for removal are unclear.

GreatFire found 47 additional unavailable VPN apps that were not specifically targeted by recent requests. Of those, 20 have been unavailable since the start of 2024 or earlier.

URL takedown requests were also uncovered by GreatFire. The first notice, dated March 10 2025, requested the removal of over 40,608 URLs from Google Web Search under Russia's "VPN law" – of which it has some of the strictest in the world.

Another notice on March 26 targeted more than 43,099 URLs. Additional requests targeted content relating to the Ukraine war, LGBTQ+ topics, poetry, and songs.

"The Russian government is waging an all-out war on VPNs and other tools enabling Russian citizens to bypass censorship and surveillance," said Benjamin Ismail, GreatFire's Campaign and Advocacy Director.

"The systematic targeting of hundreds of VPNs and tens of thousands of URLs constitutes a de facto blanket ban on VPNs, regardless of official statements claiming VPN usage remains legal," Ismail added.

He went on to say that "Google's actions will critically shape the effectiveness of Russian government censorship."

Impact on the best VPNs

A number of the best VPNs are not currently listed on the Russian Google Play Store. NordVPN, Surfshark, and ExpressVPN, our current top three providers, are all unavailable.

GreatFire data shows NordVPN was removed in December 2023, having shut down its Russian servers in 2019. It shows Surfshark was removed in March 2024 and ExpressVPN was removed between June and August 2024.

However, Surfshark confirmed to Tom's Guide that it "ceased all operations" in Russia, and has no presence or servers in the country, as of March 2022.

ExpressVPN said: "ExpressVPN voluntarily removed our applications from Russian app stores in 2024 for operational reasons."

"We re-enabled our Store listing earlier this month and, to date, have not received the takedown notice supposedly issued to Google."

Private Internet Access (PIA) and CyberGhost are two other big hitters that aren't available. GreatFire data shows PIA was removed sometime between May and December 2024. CyberGhost was removed sometime between June and September 2024.

Two of the most private VPNs, Proton VPN and Mullvad, are still available to download from the Russian Google Play Store.

This is all data recorded by GreatFire and Tom's Guide is unable to verify it first hand.

Proton VPN is one of the only VPNs to still offer physical servers in Russia. It boasts 53 Plus servers, all located in Moscow, and three Secure Core servers. Proton VPN also includes a number of anti-censorship features designed to bypass internet restrictions.

Despite already being unavailable, ExpressVPN was one of the VPNs included in removal requests dated March 13. IPVanish was also included in this list but currently remains available on the Russian Google Play Store.

If you have these VPNs already downloaded then they should work in Russia. However, given Russia's volatile and sophisticated internet restrictions, this isn't always a guarantee.

When Russia disrupted the internet in several regions in December 2024, domestic websites and foreign ones, including YouTube and Google, were unable to be accessed even with a VPN.

VyprVPN is considered one of the best Russia VPNs thanks to its Chameleon protocol, and it is currently available on the Russian Google Play Store.

How to get a VPN in Russia

If the VPN you desire is available to download then you can access it this way. But you can still access certain VPNs even if they've been removed from the Google Play or Apple App Stores.

Many VPNs can be downloaded directly from GitHub – Proton VPN offers this option. If you're looking for one of the best Android VPNs, then F-Droid is a good place to explore.

Some VPNs can be downloaded straight from the providers website and many offer Chrome extensions. The best Chrome VPN extensions are not as feature-heavy as the full VPN product, but can be a lifeline for those living under censorship.

NordVPN, Surfshark, ExpressVPN, Proton VPN, and others all offer a Chrome extension. Windscribe Free is a popular free extension choice and along with Proton VPN Free and PrivadoVPN Free, is one of the best free VPNs out there.

We test and review VPN services in the context of legal recreational uses. For example:1. Accessing a service from another country (subject to the terms and conditions of that service).2. Protecting your online security and strengthening your online privacy when abroad.We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

Russia's internet regulator, Roskomnadzor, has reportedly requested Google remove 47 VPNs from the Play Store.

Some of the best VPNs have already been affected by blockages in Russia, but none were included in this round of requests.

Reports suggest affected providers include Cloudfare's popular DNS resolver, 1.1.1.1, HideMyNetVPN, VPN4TV, and Secure VPN.

The regulator has said VPNs "provide access to banned content" and violate Russian internet laws.

A majority of the demands occurred between 15-21 March 2025, and during this time internet users across several Russian regions, including the Urals and Siberia, experienced widespread outages.

Apps including TikTok, Duolingo, and Twitch were unable to be accessed, and two of the best encrypted messaging apps, WhatsApp and Telegram, faced interruptions.

Roskomnadzor said the outages were due to "the use of foreign server infrastructure where failures are recorded." However many believe the disruption was the result of Russia's recent blocking of 1.5 million Cloudflare IP addresses.

Russia also disrupted the internet in several regions back in December 2024. Dagestan, Chechnya, and Ingushetia were all affected in a rumored test of the country's "sovereign internet structure."

Removal requests not new

This isn't the first time Russian authorities have demanded the removal of VPNs from app stores.

In 2024, NordVPN, ExpressVPN, and IPVanish were targeted for failing to comply with Russia's content censorship requirements and Apple removed popular VPN apps from the Russian app store in July 2024.

In March 2024, the Russian government demanded access to VPN servers hosted in Russia. In response, providers, including NordVPN, removed all servers from Russia.

However, Proton VPN continues to host servers in the country and the best Russia VPNs are still effective in navigating Russian censorship – despite Russia having some of the world's strictest VPN laws.

Because many of the leading VPN providers are banned in Russia, if possible you should download and install the apps when outside of the country.

VyprVPN is our recommended VPN for Russia thanks to its effective Chameleon protocol. The protocol scrambles your internet traffic's metadata, making it hard for censors to detect and block.

Proton VPN's Stealth protocol, NordVPN's NordWhisper, Obscura VPN, NymVPN and others all offer forms of traffic obfuscation, making them effective at bypassing censorship. Your VPN traffic is mixed in with regular internet traffic and is protected against deep-packet inspection (DPI), allowing you to access a free and open internet, free from censorship.

We test and review VPN services in the context of legal recreational uses. For example:1. Accessing a service from another country (subject to the terms and conditions of that service).2. Protecting your online security and strengthening your online privacy when abroad.We do not support or condone the illegal or malicious use of VPN services. Consuming pirated content that is paid-for is neither endorsed nor approved by Future Publishing.

In 2024 Google claims that it blocked just over 2.3 million potentially risky Android apps from the Play Store mostly due to policy violations that would make them dangerous for Android users.

In a blog post, the Google Security team also reported that it banned 158,000 developer accounts who attempted to publish harmful apps, generally ones that were probably malware or spyware.

It's slightly more blocked apps than in 2023, when Google reported blocking 2.8 million apps, but nearly double the number of developers with 333,000 banned at that time.

According to Google, the increase in blocked apps is due to new "AI-powered threat detection." Reportedly, AI was used in assisting human reviews in 92% of the violating cases to identify malware and spyware.

"Today, over 92% of our human reviews for harmful apps are AI-assisted, allowing us to take quicker and more accurate action to help prevent harmful apps from becoming available on Google Play," the post reads.

Beyond banning or rejecting apps and developers, Google also said that it prevented 1.3 million existing apps from getting excessive permissions which could have given devs of those apps access to more sensitive user data.

Google reminds and we agree, that on our end, people need to be vigilant about the apps that are on their devices. "Only trust reputable publishers, keep the number of installed apps at the minimum necessary, scrutinize and revoke risky app permissions," it recommends.

Part of what might have improved Google's detection of malicious apps last year were some major upgrades to its free antivirus app Play Protect throughout 2024. The app is preinstalled on all of the best Android phones and scans both existing apps and any new ones you download (or even sideload) for malware. Likewise, in late October, Google gave Android phones a big security upgrade that gave users more control over what photos and videos apps were able to access.

Google claims Play Protect scanned over 200 billion apps daily and "performs real-time scanning at the code-level on novel apps."

The post also details how app developers were given tools to secure apps from malicious SDKs (software development kits) and abuse.

It sounds robust and likely protects from more intrusions than we actually see. That said, there were plenty of security flaws and trojans that got through last year. So, as users, we need to be wary too when it comes to downloading and installing new apps.

We would add that you should also scrutinize the permissions apps request and reject them when possible. Also, read reviews in the Play Store. While they can be filled with bots and fake reviews, bad apps tend to reveal themselves as more negative reviews get posted.

More from Tom's Guide

• Google Maps just added support for Galaxy S25’s best feature
• TikTok, Google, Amazon, Apple – which is worst for data privacy?
• What to expect from Google in 2025 — Pixel 10, Android 16, Pixel Watch 4 and more

Securing our phones against every threat is one of the hardest parts of owning a smartphone. However, when it comes to protecting ourselves from malicious apps and software, it can be confusing for those who don’t know what they need to look out for. 

I used to work as a phone engineer, and have used that knowledge to help phone owners protect their devices. However, the issue with apps is that knowing something is wrong often comes down to a sense of feeling built on a bedrock of knowledge, rather than something that you can just point out. If you have spent a lot of time with phones, you start to pick up on suspicious things.

Now, one important thing to note is that both the Play Store and Apple's App Store have their defenses in place, but with the rise of third-party app stores it is worth being aware of a few things that can help to protect you from malicious apps. So let's run through a few basic things you need to watch out for, and what you can do if you do happen to download a malicious app. 

What kind of apps can be malicious 

There are more apps now than ever before, and most of them are perfectly safe. However, certain apps can hide malicious intent. Now, there is no tried and true method to know what apps could have a bug, but you can usually tell some of the more obvious. 

First and foremost, anything that sells itself as a crypto app should put up a red flag. Cryptocurrency is certainly on the rise at the moment, and there is a huge issue when it comes to the individuals and “companies” that promote themselves as crypto-focused. Without a doubt, I would say to avoid most crypto apps, especially any that you don’t recognize from a trusted source. The same is true for any gambling apps, as these can drain your wallet in more ways than one. 

It's also a good idea to be very wary of any low-effort game from companies you have never heard of. Now, it is true that smartphones have a large indie gaming market, but that doesn’t mean that all of them are safe to download. Usually, the best way to tell something is up is to check how many other games there are by the developer. For instance, if the game maker’s profile has twenty games that are exactly the same, then you can either guess that they are trying to make a quick buck, or that something shifty is going on. 

Either way, you lose nothing by not downloading these apps regardless. It should also be mentioned that you should never download an app from an ad; instead search for said app in your phone's store, as this will also allow you to check the reviews, which is my next tip for avoiding malicious apps.

Trust real reviews, and the people who make them

One of the best methods when it comes to figuring out the safety of an app is to check the reviews. I know that might sound pretty obvious, but trust me there are still pitfalls to be aware of. Usually, users will make it clear if they have found issues with an app; however that isn't always the case and sometimes the developer will hide real reviews while posting fake ones.

So, the first thing to do when looking at a review section is to be on the lookout for anything that stands out as clearly fake, or like it came from a bot. Fake comments can be hard to spot sometimes, especially with the rise of AI, but there are still a few telltale signs. The first is that bot comments will have very strange grammar, or terrible spelling (at least more than the average person) the rhythm of the comment will also feel off, almost unnatural.

 If you are still unsure, then check the reviewer's profile and see if they have reviewed anything else. if there's only review, or they only review apps from this developer or they always say the same thing, then there is a good chance that they are bots, and as such the developer could be hiding something.

One of the best places to check reviews is from trusted media sources, for instance, any site or company that reviews apps. It is also worth keeping an eye out for any news stories or threads on social media about certain apps. For instance, Reddit has a thriving community of people who check apps. Some of the best are r/Android, r/Privacy and r/scams. However, you can often simply search for the app in question on Google. 

 What to do if you download a malicious app 

Now, all of this is great, but the reality is that downloading apps is often more of a spur-of-the-moment thing. So, how do you know if you have downloaded a malicious app, and what to do about it? Firstly, there are a couple of very obvious things that can happen when your phone has a virus. Some of these include random pop-ups, your phone sometimes feeling very hot, random messages getting sent to your contacts, you start finding fraudulent charges on your accounts and fast battery drain.

There are several things you can do if you notice these things occurring. The first is to make sure that you don’t click any links or ads that pop up on your phone. Secondly, it is worth investing in a good antivirus program, as this will usually inform you of which apps to be aware of and which ones to delete. Finally, change any passwords you have but do not update them on the phone until you have run all the scans and removed any malicious software. We have a comprehensive list of the best antivirus programs that can help you find the best option for you.

Apps are a part of our lives, and understanding what to be aware of can be a challenge in itself. Hopefully, this guide will give you enough initial information to get started on and to avoid one of the worst situations in our modern world. 

More from Tom's Guide

• Samsung Galaxy Z Fold 6 catches fire during durability test — and it’s got a dust problem too
• iPhone 16 Pro Max tipped to arrive in two fresh new colors — bronze and black
• I’ve been using iOS 18 since the beta came out, and this updated app has blown me away

Google frequently updates the sideloading experience on Android, usually citing security reasons, and shows no signs of slowing down. While Android 14 was filled with warnings about the potential danger of sideloading apps, Android 15 may offer a new way to embrace them — with a brand new way to keep these apps updated.

Android Authority uncovered evidence of this in a deep dive of the latest version of the Google Play app. New code suggests that it may become possible to update sideloaded apps from the Play Store, rather than being forced to do it from a third party marketplace or manually installing new APK files. 

Another added bonus is that Google Play may be able to scan these updates for malware, which is one of the biggest risks associated with sideloading apps. So regardless of where those apps originally came from, this may mean added protection without actively making it harder to sideload apps.

The feature appears to be called “Update from Play," and it will apparently clearly show which apps originated from Google Play. This last part also means there is an option for downloading an update from the original source, if that’s possible, or whether there’s an update available in Google Play itself.

The ability to differentiate between Play and non-Play apps is pretty important. In my experience I’ve found that Google Play will detect and try to update sideloaded apps I previously downloaded from Google’s Store. But considering I deliberately sideloaded an older version to access now-removed features, you can imagine how frustrating it can be to constantly be asked to update.

Right now, the best I can do is turn off auto-updates. But if some future version of Google Play will flag that this is a sideloaded app, and stop asking me if I want to update, then I’ll be much happier.

Since this is just code in the app, we don't know when this may roll out to the public. In fact there’s no telling whether this is just placeholder text, or if the feature is actually close to actually working. So we’ll just have to be patient and see what Google has planned for us going forward.

More from Tom's Guide

• Apple Intelligence won't be complete until 2025 — but one Siri upgrade will arrive before then
• The Samsung Galaxy Z Flip 6 has significantly cut down my screen time — here's how
• Samsung Galaxy S25 Ultra just tipped for huge battery life boost

Google’s making it easier and more intuitive for people to explore their favorite apps and games in an upcoming massive update to its Google Play app. Most of us just graze over that app, but the next time you check it out, you’ll notice some big changes that introduces AI-generated app reviews, intelligent curated content, multi-gaming on a PC, and a revamped rewards system with more ways to earn points for playing your favorite games.

It doesn’t end there because soon you’ll be able to read comic books in a totally new way directly from the Google Play app. With millions of Android devices out there, this update will make Google Play a destination that’s worth checking out apart from downloading new apps.

While most of these new features are being rolled out with the latest version of the Google Play app, other features are coming later. Here’s everything new with Google Play.

Explore new content with Collections

Don’t you hate having to find something good to watch on Netflix or perhaps an audiobook for your commute to work? The new Collections experience with Google Play takes the hassle out of finding new content for you to consume by curating relevant selections across all the apps you use on your Android device.

It’s broken down into different categories consisting of watch, listen, food, social, read, and games. There’s even a collection for shopping, which lists stuff you might be interested in buying, as well as any special sales going on at different places. 

One feature we'd like to see — and which is something Google says it's looking to explore — is the ability to get reminders on when specific products go on sale.

AI-generated app reviews

Now this one could be contentious, since your first inclination is to think that AI’s going to be writing up a full review — but it’s not being used that way. Instead, the feature taps into Gemini models to generate helpful information based on the most important reviews and frequently asked questions.

Rather than reading through all the user reviews, AI will go through them and pick out the most important stuff you should know about, so you’re not wasting time sifting through endless reviews yourself. There’s also going to be an apps highlight feature that compares apps in similar categories.

Read comic books in Curated spaces

The Google Play app will feature Curated spaces that allow you to explore new topics. For example, there’s a curated space for cricket to help people explore all cricket content across various channels in one place.

Another one we got to preview is the curated space for comics in Japan, where you’ll be able to read manga and comics-related content through Google Play — with free first chapter previews, the ability to interact with live events, and fan reviews. This new level of interaction gives publishers more ways of interacting with their fans on live events.

Multi-gaming on PC

Google Play Games on PC has been in beta for a while now, but this new update introduces the ability to play two Google Play games on a PC simultaneously. Now, you’re probably wondering how this could be beneficial?

Well, if you’re playing a passive game like Clash of Clans that simply requires you to collect resources while playing the game, you can use this new multi-gaming feature to run a second game that’s more action driven — all without closing the other game. In addition to this, many of the titles will support higher resolutions for the best gaming experience on PC.

More ways to earn points for free perks

Who says it doesn’t pay to play? Google’s giving gamers an extra incentive to play their favorite Android games with a revamped rewards system, which can land you prizes like Pixel devices, gaming products, and other merchandise.

You’ll continue to earn points just as before with select titles, but Google’s launching additional ways of earning points through the perks portal of the app — with Super Weekly Prizes for Diamond, Platinum, and Gold members. All of these accumulated Google Play Points could be used for a dozen of things other than physical gifts, including services such as Google One or YouTube Red.

More from Tom's Guide

• I've been using the Galaxy Z Fold 6 for a week — this AI feature blew me away
• Save up to $1,500 with the best Galaxy Z Fold 6 pre-order deals 
• I took 250 photos with OnePlus Nord 4 vs. Google Pixel 8a — here's the winner

Google is done messing around with garbage apps on the Play Store that don't do anything. 

I'm being a little more harsh than Google, but the general idea remains true: The company is planning to purge "low quality" apps from its store starting August 31st.

Regarding what constitutes "low quality" from an app perspective, Google describes them as apps with "limited functionality and content" on its Spam and Minimum Functionality policy page. 

"Apps should provide a stable, responsive, and engaging user experience. Apps that crash, do not have the basic degree of adequate utility as mobile apps, lack engaging content, or exhibit other behavior that is not consistent with a functional and engaging user experience are not allowed on Google Play," reads the page.

Some examples would be barebones text-only apps, ones that do nothing but offer a single wallpaper, or those that are actually designed to do nothing. Starting August 31, if one of these apps is submitted to the Play Store, it'll be rejected. 

The change will allow Google to "ensure apps can meet the uplifted standards for the Play catalog and engage users through quality functionality." 

While this particular crackdown is new, Google has made plenty of attempts to clean up the Play Store in the past, and they've been relatively successful. For example, in a blog post, Google said that "we prevented 2.28 million policy-violating apps from being published on Google Play in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes."

Google already had rules in place to keep out apps that don’t install or apps that install but don’t load, and this new rule beefs up the requirements, which is always a good thing for users just trying to find the apps they want on the Google Play store.

More from Tom's Guide

• Apple tells over a billion iPhone users to stop using Chrome — here’s Google’s response
• Google Pixel 9 Pro official design just revealed by Google — here’s your first look
• Google Messages is about to fix one of its biggest issues — what you need to know

One annoyance with the Google Play Store is that it doesn't auto launch apps after they've been installed. Instead, you need to find the app in your library or where ever it gets put on your home screen.

Reported by Android Authority, it looks like Google is finally working on building a feature that actually auto opens newly installed apps from Play Store. 

Android Authority performed an APK teardown on version 41.4.19 of the Google Play Store. Features found in this teardown showed in-progress code that hint at possible future features. Though, it's not a guarantee this upgrade is coming.

The feature they discovered is called App Auto Open. Like the namesake, it will automatically open an app once it's installed from the Play Store.

It appears that as part of this feature, a notification will pop up when App Auto Open activates. It will ring or vibrate your device depending on how it's configured. The feature also appears to be toggleable as well but looks like it will be  looks like it will be on by default.

Android Authority says that despite workarounds they couldn't get the feature to actually work in their breakdown. Instead, they found the code but it's not live yet.

It's too bad though, as this is a long-needed feature and it's surprising that Google has yet to actually implement it across devices running Android 15 yet.

Coupled with the alleged new notification for the Google Play Store, as seen Android Police, App Auto Open would be a boon. The notification system sends users a reminder 24 hours after the installation of an app if it is left unopened.

Assuming both features actually release you could automatically get an app opened or be reminded you forgot to open it once it's installed on your Android smartphone. It could also be combined with the recently released feature that allows for simultaneous downloads.

More from Tom's Guide

• Android users will soon be able to download more than one app at once
• These are the best Android phones you can buy right now
• Google just added back one of my favorite Android favorites

Bad apps can wreak havoc on the best Android phones, which is why you always need to be careful when installing new ones. However, even when you download new software via the Google Play Store there’s still a chance that you could end up with a malicious app on your phone.

As reported by BleepingComputer, the cybersecurity firm Zscaler has revealed that it has discovered more than 90 malicious apps on Google Play which were collectively installed 5.5 million times.

While the firm hasn’t provided the names of most of these malicious apps, we do know that many of them impersonated productivity, personalization and health & fitness apps along with other utilities.

Here’s everything you need to know about this latest batch of bad apps including the names of two of them that you need to remove immediately if they’re installed on your Android devices.

Delete these apps right now

As I mentioned before, Zscaler has yet to release the full list of the 90+ malicious apps it discovered over the past few months. However, it did provide info on two particularly dangerous apps in a new report that you should delete immediately if you have them installed:

• PDF Reader & File Manager by TSARKA Watchfaces
• QR Reader & File Manager by risovanul

Fortunately, both of these apps have been removed from the Google Play Store and are no longer available for download. However, if you have them installed on your Android phone or tablet, you’re going to need to manually uninstall them.

Dropper apps hiding in plain sight

As we’ve seen in the past, bad apps can slip through the cracks and end up on the Google Play Store. Both of the apps listed above are what’s known as malware droppers and according to Zscaler, together they’ve been installed 70,000 times combined.

These dropper apps are able to bypass Google’s rigorous security checks as they don’t contain malware when uploaded to the Play Store. Instead, the apps communicate with a hacker-controlled command and control (C&C) server after installation to download malware.

In this case, both of these utility apps are being used to infect vulnerable Android phones with the Anatsa banking trojan. This Android malware targets over 650 banking apps in the US, the UK, Europe and Asia in order to steal their financial credentials. In fact, during a malware campaign late last year, Anatsa was able to infect 150,000 Android phones through Google Play using bad apps.

Just like with other banking trojans, Anatsa uses overlay attacks to steal your banking credentials. These overlays are actually fake websites designed to mimic the look and feel of the login pages of popular banking apps. However, instead of logging into your account, you’re also giving hackers your username and password.

Anatsa can also commit on-device fraud by launching banking apps on its own and performing transactions on behalf of victims. Not only does this save the hackers time but it also improves their chances of success since someone logging into their account on their own device doesn’t raise nearly as much suspicion as it would on a different Android phone.

How to stay safe from malicious apps

In order to stay safe from this and other Android malware strains, you’re going to want to limit the number of apps on your phone. Even seemingly innocent apps can be used to drop malware onto your device which is why you really want to ask yourself whether or not you need a particular app before downloading and installing it.

For this reason, you want to stick to bigger, more widely known app developers that have a history of putting out good software. Likewise, you’re much less likely to come across malware when going with paid apps as opposed to free ones. Before installing any app, you also want to check its rating and reviews but as these can be faked, it’s a good idea to look for video reviews online so that you can see the app in question in action before you download it.

To protect yourself and your devices from malware, you want to make sure that Google Play Protect is enabled on your phone as it can scan all of your existing apps and any new ones you download for malware. For additional protection and some useful extras like a VPN or even a password manager, you might also want to look into running one of the best Android antivirus apps alongside it.

In an email to Tom's Guide, a Google spokesperson provided further insight on these malicious apps, saying:

“All of the identified malicious apps have been removed from Google Play. Google Play Protect also protects users by automatically removing or disabling apps known to contain this malware on Android devices with Google Play Services.”

Hopefully Zscaler releases the full list of the 90+ malicious apps it has discovered over the past few months. Even if it doesn’t though, this new Anatsa campaign serves as the perfect reminder that you always need to be careful when downloading and installing new software even when it’s from official app stores.

More from Tom's Guide

• Android banking trojan uses fake Google Play updates to take over your phone
• Massive Ticketmaster data breach reportedly hits over 500 million customers
• Hackers have leaked the criminal records of millions of Americans online

Google is bringing back a useful feature to Google Play. Now, you can go to the Google Play Store with your Chromebook or Android phone and remotely remove applications. If you suddenly hear about an app that's stealing user data and you can't get your hands on a device with that app installed, you could use this returning feature to remove it. 

This feature has been missing from Google Play for approximately 10 years, so it's nice to see it making a triumphant return. Remote app removal was first spotted by Android Authority, and it seems to work just as smoothly as it did when the feature was removed a decade ago. 

If your phone or Chromebook has it enabled (it's rolling out gradually, so you may not have it just yet), here's what you need to do to remove an app from a different device:

1. Tap on your profile icon in the top-right corner of the screen.
2. Tap Manage apps & device.
3. Touch the Manage tab.
4. Tap the arrow in the box that says This device in the top-right of the screen.
5. Touch the device you want to remove the apps from.
6. Tap the box next to the apps you want to remove.
7. Touch the trash icon to delete the apps.

The steps are the same if you're using a Chromebook. However, as of this writing, the feature doesn't work on the web version of the Google Play Store, which could be a security limitation implemented by Google to give you more control over who can remove apps from your devices.

Again, this feature is rolling out gradually, so you may not see it on your device yet. If you don't, there's no way to rush it, so you'll need to wait for it to arrive. Either way, it's nice to know the feature is coming if it's something you think you'll use. Anytime a new (or returning feature) makes its way to Android, it's a good thing.

More from Tom's Guide

• YouTube seems to have found a new way to counter ad blockers — and it's super annoying
• The best Google One VPN alternatives
• Samsung Galaxy Z Flip 6 and Galaxy Ring specs just leaked at the FCC — here’s what we know

Accidentally downloading a malicious app onto your Android smartphone is now even less likely on the Play Store as Google has been cracking down on bad apps and misused developer accounts. In fact, the search giant blocked more than 2 million Android apps from being published on its store in the last year alone.

As reported by BleepingComputer, Google also blocked 333,000 Google Play developer accounts that were found uploading malware and fraudulent apps or repeatedly violating its policies. This number is almost double what was in 2022 when the company suspended 173,000 developer accounts for doing the same thing. Likewise, the number of bad apps Google blocked has increased from 1.5 million in 2022 to approximately 2.28 million in 2023.

If you’re using one of the best Android phones, here’s everything you need to know regarding what Google is doing to keep the Play Store safe from bad apps, along with some steps to avoid them altogether.

SAFE principles and security initiatives

The main way that Google has bolstered the security of the Play Store for both Android users and developers is through its ‘SAFE’ principles which include safeguarding users, advocating for developer protection, fostering responsible innovation and evolving platform defenses according to a blog post.

At the same time, the search giant has also implemented a more stringent developer registration and ID verification process for developers. Likewise, independent security reviews are being conducted and the best Android VPN apps now have badges.

Google has also implemented real-time scanning to block malware from starting in the first place and made SoC-level flaws more difficult to exploit through firmware hardening. To make things easier and safer for developers, the company has expanded its SDK index which now covers 6 million apps to help them pick safe software development kits for their projects.

Risky permissions are often used by malicious apps, which is why Google has now rejected or remediated almost 200,000 app submissions. This way, bad apps won’t be able to take advantage of sensitive permissions like background location or SMS access for nefarious purposes.

How to stay safe from malicious Android apps

While Google has done plenty to make the Play Store and the apps it contains safer, there are still a few things you can do to avoid having your Android smartphone infected with malware.

For starters, you want to avoid sideloading apps as they don’t go through the same rigorous security checks that apps downloaded from official stores do. It may seem convenient to sideload an APK file onto your Android phone but most of the time, it’s not worth the risk.

If you do sideload apps or download apps from unofficial app stores, you need to make sure that Google Play Protect is enabled as it can scan all of your existing apps and any new ones you download for malware. It could also be worth investing in one of the best Android antivirus apps for additional protection and you may also get a few extras too like a VPN or a password manager bundled with them.

Finally, I highly recommend you limit the number of apps installed on your phone in general. The fewer apps you have, the less likely that one will be malicious. If you stick to known and trusted apps from reputable brands instead of just downloading new apps haphazardly, you and your Android phone should be safe.

More from Tom's Guide

• This new Android banking trojan impersonates Chrome to steal your money
• FBI warns scammers are using ‘free’ verification services to dupe dating app users
• 2 million hit in massive debt collector data breach — full names, birth dates and SSNs exposed

Google has recently started to roll out the long-awaited ability for Play Store users to simultaneously download two apps — a feature the company has been working on for several years.

According to a recent report from 9to5Google, the feature only works for new installs and will only work for two apps. If you select two differing downloads you can see them download simultaneously in the store and on the home screen. If you select more than two apps to download the third will be listed as pending until one app finishes. 

Google Play’s simultaneous downloads do not apply to application updates, which would arguably be more useful as those are the more common downloads. We can only hope that the feature to download multiple updates will come in a later update as Google gets more comfortable with the software. According to 9to5Google, this feature has been seen on several Pixel phones and tablets running Android 14 and version 40.6.31 of the Play Store.

Google Play has seen several recent updates, including a recent security update where Google emailed Android users about an upcoming Play Store chance to encourage purchase verification via biometric identification. Turning on biometric verification in the Play Store currently requires your Google Account password to proceed. However, this will be done via fingerprint or facial recognition in the future instead.

This increased security comes as certain threats from the Play Store seem to be on the rise. It was recently reported several apps from the Play Store hold malicious malware and adware programs that have infected millions of phones. There have also been several reports that malicious loader programs are being sold on the dark web, which allows hackers to install programs onto legitimate apps.

The news that Google has finally released multiple downloads is great for Pixel users, but with that increased download capability comes added risk. However, It appears that Google is aware of the issue and is working to fix it as we speak. However, it could be worth holding off on any major downloads until Android 15, which we expect to be announced at the next Google I/O. Keep an eye on both our hubs for all the information and rumors as we hear them. 

More from Tom's Guide

• iOS 18 will offer more than just AI, including updating several core iPhone apps — here’s what we know
• Circle to Search on Galaxy S24 and Pixel 8 gets way better when you use it like this
• Forget satellite communication — 7 features Android needs to steal from the iPhone

Even with one of the best Android phones you still need to be careful when downloading new apps onto your device. Case in point, 28 apps were recently discovered on the Google Play Store which were being used by hackers to turn the smartphones they were installed on into proxies.

As reported by BleepingComputer, HUMAN’s Satori threat intelligence team discovered that these seemingly harmless apps were actually doing something shady in the background. Of the 28 apps listed in its report, 17 of them were posing as free VPN software.

While the best free VPN apps and services can help further protect your privacy online, you always need to be careful when installing one onto your devices. As the person who tests VPNs for our reviews on Tom’s Guide, I highly recommend you invest in one of the best VPN services instead as these paid solutions are much more reputable and many of them have their apps and services audited by third-parties to ensure they don’t contain any vulnerabilities or malicious code.

Although having your phone turned into a proxy isn’t nearly as bad as having it infected with Android malware, it’s still cause for concern. Residential proxies do have legitimate uses like for market research and search engine optimization but in the wrong hands such as in this case, they can be used for all manner of malicious activities from ad fraud to phishing and even credential stuffing.

Here’s everything you need to know about these good apps gone bad along with some tips on how to stay safe from malicious apps.

Delete these apps right now

Some of the apps listed below no longer contain the malicious code that was used to turn Android smartphones running them into proxies. For those worried that hackers could be using their devices for cybercrime though, it’s recommended that you manually delete these apps if you have any of them installed on your smartphone.

• Lite VPN
• Anims Keyboard
• Blaze Stride
• Byte Blade VPN
• Android 12 Launcher 
• Android 13 Launcher 
• Android 14 Launcher 
• CaptainDroid Feeds
• Free Old Classic Movies 
• Phone Comparison 
• Fast Fly VPN
• Fast Fox VPN
• Fast Line VPN
• Funny Char Ging Animation
• Limo Edges
• Oko VPN
• Phone App Launcher
• Quick Flow VPN
• Sample VPN
• Secure Thunder
• Shine Secure
• Speed Surf
• Swift Shield VPN
• Turbo Track VPN
• Turbo Tunnel VPN
• Yellow Flash VPN
• VPN Ultra
• Run VPN

Turning phones into proxies

The one thing that all 28 of these apps have in common is that they were using a software development kit (SDK) from LumiApps. The company also runs an Android app monetization platform which uses a device’s IP address to load webpages in the background and send any data it retrieves to companies. 

Normally, this is from well-known sites and is “done in a way that never interrupts the user and fully complies with GDPR/CCPA” according to LumiApps’ website. All of this is done with the end goal of helping companies “improve their databases, offering better products, services and pricing.” 

On paper, this seems harmless albeit a little intrusive but you get what you pay for when you download free apps instead of paid ones. What LumiaApps likely didn’t expect is that hackers would figure out how to use its app monetization platform for their own gain.

After conducting an investigation into these 28 apps, HUMAN’s security researchers discovered that they all contained a Golang library used to perform proxying called “Proxylib”. The first app the firm found that contained Proxylib was a free Android VPN app called Oko VPN. The security researchers later found that this same library was used by LumiApps’ Android app monetization service.

Based on the findings of its investigation, HUMAN believes these malicious apps are linked to a Russian residential proxy service provider called Asocks. It’s worth noting that Asocks’ service is often advertised on hacking forums online.

At the beginning of this year, LumiApps released a new version of its SDK which included Proxylib v2. Apparently, this was done to address “integration issues” but it’s unclear as to whether or not it can also be exploited by hackers in their attacks.

Google has since removed any of the remaining apps as well as any new ones using the LumiApps SDK from the Play Store. Likewise, some of the developers who were using the SDK have removed it too to fix their apps, though some have republished the same apps using different developer accounts.

How to stay safe from malicious apps

When it comes to protecting yourself and your devices from malicious apps, the first thing you want to do is to avoid installing unnecessary apps on your Android smartphone. Ask yourself if you really need the app in question and from there, you want to check its rating and reviews before you install it. Keep in mind though that reviews and ratings can be faked which is why I always suggest looking at video reviews so that you can see the app in question in action.

On the security front, you want to make sure that Google Play Protect is enabled as it scans both your existing apps and any new ones you download for malware and other threats. For additional protection though, you should consider installing one of the best Android antivirus apps, too.

As for free VPN apps and free VPNs in general, I really can’t recommend them. Most VPN services are quite inexpensive for what they provide and if you shop smart, you can often get a great deal on ExpressVPN, NordVPN, Surfshark or other top providers. For instance, I purchased a two-year subscription to Surfshark at a steep discount on Black Friday a year and a half ago and it’s still going strong.

Hackers and other cybercriminals will continue to release malicious apps and to try and turn good apps bad by injecting malicious code into them. This is because there’s just so much personal and financial data on our smartphones these days. Due to this, it’s up to you to think carefully and do the appropriate research before installing any new app on your smartphone regardless of how popular it may be.

More from Tom's Guide

• Hackers have found an insidious way to attack you with malware
• I test VPNs for Tom’s Guide and these are 3 must-have features to look for
• Malicious Android malware apps downloaded 150,000 times from the Play Store

If you've used an Android phone at any point in the past seven years, Google could soon be offering you a court-mandated payment as the result of an anti-trust lawsuit.

This "gift" is all because of the case Utah et al v. Google, launched in 2021, between Google and 36 U.S. states (plus Washington DC) over how Google operates the Play Store, the primary gateway to apps on Android phones. Google was accused of making it hard for developers to sell their apps elsewhere, and taking an overly large cut of payments for itself in the process, something which the court has decided is indeed anti-competitive.

• JUST IN: Full Galaxy S24 specs and launch date just leaked! 

As part of the newly publicized settlement, as explained in a Google-issued statement, the company will be setting up a $630 million settlement fund to be "distributed for the benefit of consumers according to a Court-approved plan," plus another $70 million which is being handed over to the plaintiff states for their own payouts.

On top of this, Google has promised to make "sideloading" — downloading and installing apps manually from outside the Play Store — easier, as well as revamping its warning screens to better inform users about the risks of doing this. It also emphasized how Android 14 has made using third-party app stores work better (referring mainly to manufacturer-specific stores like the Galaxy Store on Samsung phones), and promised an expansion of User Choice Billing to let users pay for apps using alternate methods to Google's own payment systems.

Who's eligible for the Google Play payout?

In order to get a share of the $630 million payout, you need an address in one of the U.S. states, or Washington D.C., Puerto Rico or the U.S. Virgin Islands, and to have used that address when making purchases through the Google payment system.

You also need to have bought something via Google Play Billing, such as buying an app, making an in-app purchase or subscribing to a service, between August 16, 2016 and September 30, 2023. Unless you stick exclusively to free apps, there's a high chance you're entitled to at least a little money if you used an Android phone during this time. This could be as many as 102 million users, according to the Washington Post. 

Unfortunately, we don't know how these payouts will be delivered, or indeed when they or the Play Store updates will appear. We're going to have to wait to see if September's initial settlement (via Reuters) becomes official and Google's promises are judged to be appropriate remedies. But it seems that at least the plaintiffs, writing in a court filing, expect up to 70% of the payments to happen automatically, which would make things super easy for the majority of users.

Note that while Google's lawsuit with Epic Games bears some similarities, it's not actually linked to this judgment. The court has currently sided with Epic, but Google intends to appeal, so expect more legal news about Google and its alleged monopolizing soon.

More from Tom's Guide

• I review phones for a living — and my top 3 picks of the year are on sale right now
• The same thing keeps breaking on my iPhones — but I found a solution
• iPhone 16 Pro Max vs iPhone 15 Pro Max: Biggest expected upgrades

Google is cracking down on the slew of sub-par apps in its Play Store as part of its latest effort to show that it's taking concerns about Android security seriously. This week, Google announced stricter requirements for developers to follow if they want their apps to become available to the public on the best Android phones via the Play Store.

Previously, testing your app on the Play Console, Google's testing, management, and reporting platform for Android apps listed in the Play Store, was optional. But moving forward, new personal developer accounts will have to test their app with at least 20 people for a minimum of two weeks before it'll be allowed on the Play Store. This requirement will start rolling out in the next few days. 

The idea is that this two-week timeline will give developers more opportunity to gather feedback on bugs and security issues and patch them before the app goes live. In an Android Developers blog post, Google said developers who use its testing tools see on average three times more installs compared to those who don't. Those developers also get more engagement on their apps and games. 

"As more developers use new technologies in their mobile apps, apps on Play are becoming more sophisticated — but so are abuse methodologies," wrote Google Play's director of product management, Kobi Gluck. "To ensure we continue to provide a safe and trusted experience, our global review teams now spend more time assessing new apps to make sure they provide a valuable user experience that does not deceive or defraud users, either via the app or off-Play activity, and complies with our policies."

He added that while Google does not expect this new mandate to significantly impact overall app review timelines, it may take longer to review certain apps, such as those designed for children or ones that request certain device permissions. 

How to stay safe from adware and malicious apps

Recently, Google also rolled out a new Independent Security Review badge in the Play Store, which indicates which apps have successfully undergone a Mobile Application Security Assessment (MASA) audit. This process enables software developers to have their apps independently validated against a global security standard as a way to signal to users that what they're downloading on their phones has been designed to meet industry mobile security and privacy minimum best practices.

Looking out for this badge is one way to suss out otherwise legitimate-looking apps while you're browsing the Play Store. Beyond limiting how many apps you have installed, consider using one of the best Android antivirus apps for extra protection. 

If you’re on a tight budget though, Google Play Protect is good in a pinch, as it scans both your existing apps and any new ones you download for malicious code. Google Play Protect recently added real-time scanning so that whenever you go to install a new app, you're prompted by Android's built-in antivirus software to perform an app scan to check if it's safe. If something dangerous is uncovered, Google Play Protect will block the app and prevent you from installing it.

More from Tom's Guide

• These Android adware apps with over 2 million downloads put you at risk
• The best parental control apps for Android and iPhone
• NSFW Facebook ads used to spread dangerous malware — don’t click on these

To give users more peace of mind and show that it's taking concerns about Android cybersecurity seriously, Google's rolling out an Independent Security Review badge to highlight which Android VPN apps have gone through an independent security audit. 

Last year, the App Defense Alliance, a collaboration between Google, ESET, Lookout, and Zimperium launched in 2019 to solve the Play Store's persistent malware problem, introduced the Mobile Application Security Assessment (MASA) audit. This process enables software developers to have their apps independently validated against a global security standard as a way to signal to users that what they're downloading on their phones has been designed to meet industry mobile security and privacy minimum best practices. The logic is that if developers go the extra mile on their end to mitigate security vulnerabilities and users can make more informed decisions prior to downloading new apps, hackers will have a harder time breaking into users' devices, thus improving the app quality across the ecosystem as a whole if you have one of the best Android phones.

Apps that receive a badge have successfully undergone a MASA audit. To maintain the badge year over year, app developers will need to undergo another independent audit annually. 

“While certification to baseline security standards does not imply that a product is free of vulnerabilities, the badge associated with these validated apps helps users see at-a-glance that a developer has prioritized security and privacy practices and committed to user safety,” Nataliya Stanetsky of the Android Security and Privacy Team said in a Google Security Blog post this week.

Now when you search for the best VPN apps in the Play Store, you should see a banner at the top that points you to the Data Safety Section to better understand what the new badge means. If you click the option to Learn More, it redirects you to the App Validation Directory, "a centralized place to view all VPN apps that have been independently security reviewed."

"We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," Stanetsky explained.

"VPN providers such as NordVPN, Google One, ExpressVPN, and others have already undergone independent security testing and publicly declared the badge showing their good standing with the MASA program," she added. 

It's all part of Google's broader push to make the Data Safety Section a one-stop shop for understanding cybersecurity practices in the Play Store. There you can also find details about what kind of data apps are collecting from you, for what purpose, and whether it's being shared with third parties. 

How to stay safe from adware and malicious apps

While keeping an eye out for the Independent Security Review badge is a start, there are plenty of other ways you can better insulate your phone from malware attacks. In addition to limiting how many apps you have installed, consider using one of the best Android antivirus apps for extra protection. 

If you’re on a tight budget though, Google Play Protect is good in a pinch, as it scans both your existing apps and any new ones you download for malicious code. Google Play Protect recently added real-time scanning so that whenever you go to install a new app, you're prompted by Android's built-in antivirus software to perform an app scan to check if it's safe. If something dangerous is uncovered, Google Play Protect will block the app and prevent you from installing it.

More from Tom's Guide

• These Android adware apps with over 2 million downloads put you at risk — delete them now
• The best parental control apps for Android and iPhone
• NSFW Facebook ads being used to spread dangerous malware — don’t click on these

In order to prevent hackers from sneaking malware onto the Play Store, Google has announced a new developer requirement designed to reduce the likelihood that malicious apps could end up on its Android app store.

As reported by BleepingComputer, Android developers registering as an organization to put their apps on the Play Store will now be required to provide a valid D-U-N-S number before submitting their apps for approval.

The malicious apps that manage to bypass Google’s security checks often appear as legitimate apps when submitted for review. However, after the review process is complete, the hackers behind them then add malware to their apps or have the apps themselves download other malicious payloads.

While these malicious apps are then removed from the Play Store and the developer accounts that submitted them are banned, it’s quite easy for hackers and other cybercriminals to create a new account and then submit these same dangerous apps under a new name. 

Once this change goes into effect though, it will be a lot harder for hackers to get around Google’s restrictions since they’ll need a valid D-U-N-S number to submit new apps.

What is a D-U-N-S number?

A D-U-N-S or Data Universal Number System number is a unique nine-digit identifier that is issued by the data and business analytics firm Dun & Bradstreet. Each of these numbers is then assigned to a unique business.

In order to request a D-U-N-S number from the firm, Android app developers and other businesses first need to submit several documents in order to help verify the information they’ve provided. Receiving a D-U-N-S number can also take up to 30 days which is quite a lot of time for an app developer interested in making money from having their app listed on the Google Play Store.

Although you’ve likely never heard of D-U-N-S before, the standard is used by the U.S. government, the European Commission, the United nations and even Apple, as it’s considered very trustworthy. Setting up a new company to return to the Play Store is also the kind of hassle that will prevent hackers and other cybercriminals from trying to distribute their malicious apps on the platform.

Besides requiring that all new developers have a valid D-U-N-S number, Google is also changing the “Contact details” section on app listings on the Play Store by renaming it to “App support” and adding even more information about each developer.

According to a blog post announcing these new changes, Google says that all new Android developers will need to provide a valid D-U-N-S number when creating their accounts beginning on August 31. Later this year though, all existing developers will also be required to update and verify their existing accounts.

How to stay safe from Android malware

Even with Google implementing these new requirements to make the Play Store safer from malware, there will still be malicious apps that can drain your bank account, steal your identity and more. While you won’t find them on the Play Store as often, hackers will likely use sideloaded apps to infect unsuspecting Android users with malware.

As such, you should avoid sideloading any app onto the best Android phones despite how simple and fast the process of doing so may be. Instead, you should only download new apps from official app stores like the Play Store, Amazon App Store and Samsung Galaxy Store.

Although Google Play Protect comes pre-installed on most Android phones to defend against malware, you may also want to consider installing one of the best Android antivirus apps for additional protection. Still, if you’re on a tight budget, Google Play Protect can scan all of your existing apps and any new ones you download for malware.

At a time when many Android users are upgrading to the best iPhones, this new requirement should help make the Play Store even safer and might make users pause before switching from Android to iPhone.

More from Tom's Guide

• Dangerous Android trojan targets 600 banking apps and it's draining accounts
• This new Mac malware is stealing passwords, credit card info and more
• Over 400 million infected with Android spyware — delete these apps right now

Cybersecurity analysts uncovered two file management apps available on the Google Play Store that are actually spyware, putting the privacy and security of up to 1.5 million Android users at risk. So if you have one of the best Android phones with these apps installed, delete them right away.

The fishy apps are File Recovery & Data Recovery and File Manager, according to an alert this week from Pradeo, a leading mobile cybersecurity company. The apps, both from the same developer, are programmed to launch without any input from the user and quietly send sensitive user data to servers based in China. 

File Recovery & Data Recovery was downloaded more than 1 million times, and roughly 500,000 people installed File Manager, according to screenshots of their respective Play Store pages shared in Pradeo's report. 

How your data may be at risk

Per Bleeping Computer, Google only recently kicked the apps off the Play Store. The developer behind both apps is listed as Wang Tom in the Play Store screenshots. So while you may find several apps named File Manager in the Play Store, only the one with the developer Wang Tom has been found to be spyware. 

The apps say they don't collect any data from the user's device, but it turns out this wasn't the case. Pradeo's behavioral analysis engine found the apps exfiltrate the following data: contacts saved in your device; email and social network contacts; pictures, audio and video compiled in the app; real-time user location; device brand and model; mobile country code; network provider name; and operating system version number. All without ever requesting permission to collect this information.

While the apps may have a legitimate reason to collect some of the data above to optimize performance and ensure compatibility across devices, most of it is not required for file management and data recovery operations. 

Even more alarming is the sheer amount of data being transferred while the user's none the wiser. Each app performs more than a hundred transmissions, "an amount that is so large it is rarely observed," Pradeo notes.

How the spyware hides in plain sight — and where to find it

The apps can also abuse the permissions the user approves during installation to restart the device and quietly launch in the background. And deleting them off your phone comes with its own hoops. The apps conceal their home screen icons to make uninstallation more of a hassle, as users have to go to their application list in the Settings menu to delete them.

So if you have either File Recovery & Data Recovery or File Manager installed and you don't see them on your home screen, head to your Settings menu ASAP to get rid of them. 

Again, the only app named File Recovery that Pradeo found to be spyware lists the developer as Wang Tom. Other apps titled File Recovery that you may come across in the Play Store should be fine, but read on to learn more about how to best protect your device from these kinds of tactics moving forward.  

How to stay safe from Android malware

Unfortunately, cybersecurity is like fighting a hydra. You cut off one head, and 10 more pop up in its place. If you're wondering how to best keep your phone protected from malicious apps on Android, consider equipping it with one of the best Android antivirus apps. Not only can they shield your handheld from spyware and malware, but they can also keep you safe from becoming a victim of identity theft. 

Even legitimate or seemingly innocent-looking Android apps can become compromised by bad actors. In April, a report found malicious loader programs bought on the dark web are enabling hackers to hide malware in legitimate apps to get around Google's defenses and end up on the Play Store. Also known as dropper apps, these programs often present themselves as legitimate software. But once they've cleared the Play Store's review process, they then receive malicious updates from a hacker-controlled server. Their creators often wait until the apps have a large user base before pushing a malware-infected update out to target the most users as possible. 

Google rolled out several new updates to its Android ecosystem in June, including a handy little security feature that lets you see if your Gmail address has been exposed on the dark web.

More from Tom's Guide

• Best Prime Day deals right now — 81 sales I recommend 
• How to speed up your Android phone or tablet
• 7 Android upgrades coming to your phone right now

The popularity of OpenAI’s ChatGPT is putting users who want to try out the AI chatbot on their smartphones at risk of losing their hard-earned cash.

While we’ve seen fake ChatGPT apps spreading malware in the past, a new report from the cybersecurity firm Sophos has revealed that app developers are also creating fake ChatGPT apps to trick users into paying for expensive subscriptions.

During its investigation, the company’s security researchers looked at five ChatGPT apps on the App Store and Google Play Store. Although these apps aren’t malicious, Sophos says they are actually fleeceware as they “bombard users with ads until they sign up for a subscription.”

Most of these types of apps are free to install but since the free versions “have near-zero functionality and constant ads” according to Sophos, users are more likely to sign up for a subscription. These subscriptions can get quite expensive, with their developers charging anywhere from $10 a month to $70 a year.

For instance, the iOS version of Chat GBT called “Ask AI Assistant” charges $6 a week or $312 for the year after its free three-day trial is up. Just in March of this year, the app brought in $10,000 for its developers. However, another fleeceware-like app called Genie brought in $1 million over the past month, according to data from SensorTower.

Fleeceware apps vs malicious apps

Sophos was actually the first to spot fleeceware on the Play Store back in 2019. One interesting thing about all of these kinds of apps is that they are designed in such a way “to stay on the edge of What’s allowed by Google and Apple in terms of service.”

Malicious apps often operate in a similar way but unlike fleeceware apps, they can infect the best Android phones with dangerous malware. Still though, you want to be on the lookout for fleeceware as these types of apps can end up costing you quite a lot of money if you aren’t careful.

Besides overcharging users for functionality that is free elsewhere, the creators of these apps also use social engineering and coercive tactics to trick users into signing up for recurring subscriptions. Even then though, many of these apps are often poorly written and upgrading to the paid version makes little difference.

Another way that fleeceware developers get their apps installed on smartphones is by inflating their ratings in app stores by using fake reviews along with annoying requests to get users to rate them.

Delete these apps now

Below you’ll find the full list of all of the fleeceware apps posing as legitimate chatbot and ChatGPT apps on the App Store and Play Store. While you don’t necessarily need to delete them, you probably should unless you want to end up paying for an expensive subscription for features you can actually access for free.

• Open Chat GBT - AI Chatbot App
• AI Chatbot - Ask AI Assistant
• AI Chat GBT - Open Chatbot App
• AI Chat - Chatbot AI Assistant
• Genie - AI Chatbot
• AI Chatbot - Open Chat Writer

Sophos has reported all of these apps to both Apple and Google and many have since been removed from their respective app stores. However, if you have one installed on your smartphone, you will need to manually remove it by uninstalling the app.

How to access ChatGPT on your smartphone without getting scammed

Trying out the latest software especially when it’s as popular as ChatGPT makes it quite easy for app developers to trick users into signing up for a subscription to get access. 

However, the only way to get quick and guaranteed access to ChatGPT is to sign up for OpenAI’s ChatGPT Plus for $20 a month.

Likewise, you can also get access to the chatbot by using Bing Chat as Microsoft has partnered with OpenAI to bring ChatGPT to its search engine. There’s another advantage to going this route as well since Bing Chat has access to the latest data since it uses GPT-4 and searches the internet by default. ChatGPT on the other hand stopped training in 2021 and runs on GPT-3.5.

As of now though, OpenAI has yet to release an official ChatGPT app for mobile. When it does though, we’ll certainly have all the info here, so stay tuned. Until then, you’ll need to open up a new browser window on your smartphone and head to “chat.openai.com” to access ChatGPT for free on mobile.

More from Tom's Guide

• ChatGPT Plus is getting a massive upgrade — here’s what’s coming
• GTA 6 release date looks set for 2024 — here’s the proof
• 451 million people can’t use Google Bard — here’s why

Even the Google Play Store isn’t always safe as 60 Android apps with 100 million downloads combined were found to be spreading a new malware strain to unsuspecting users.

According to a new blog post from the cybersecurity firm McAfee, a new Android malware named Goldoson that collects data on a user’s installed apps, their Wi-Fi and Bluetooth-connected devices and even their location has been found lurking in 60 apps on the Play Store. The reason all of these legitimate apps became infected with malware in the first place is due to the fact that they all use the same third-party library.

Besides collecting a wealth of personal information, apps infected with the Goldoson malware can also perform ad fraud by clicking on ads in the background. Not only can this drain your smartphone’s battery but it could also put you at risk of having even more of your data collected by ad firms and data brokers.

Delete these apps right now

As McAfee is an App Defense Alliance member alongside ESET, Lookout and Zimperium, its researchers immediately informed Google following their discovery. 

The developers of the malware-infected apps were then informed, and while many removed the library spreading the Goldoson malware in the first place, those that did not had their apps taken down from the Play Store. However, if any of these apps are installed on your smartphone, you’ll need to remove them manually to stay safe. Likewise, the malware-infected versions of these apps could still be available on third-party app stores.

Here are just a few of the 60 apps that were found to be spreading the Goldoson malware and you can find the full list in McAfee’s blog post on the matter: 

• L.POINT with L.Pay - 10 million downloads
• Swipe Brick Breaker - 10 million downloads
• Money Manager Expense & Budget - 10 million downloads
• TMAP - 10 million downloads
• GOM Player - 5 million downloads
• Megabox - 5 million downloads
• LIVE Score, Real-Time Score - 5 million downloads
• Pikicast - 5 million downloads
• Compass 9: Smart Compass - 1 million downloads
• GOM Audio - Music, Sync lyrics - 1 million downloads
• LOTTE World Magicpass - 1 million downloads

Harvesting data from unsuspecting Android users

When an Android user launches a malware-infected app containing Goldoson, the device is registered and receives configuration from a remote server controlled by the cybercriminals behind this campaign, according to BleepingComputer.

From here, Goldoson’s data-stealing and ad-clicking functions are configured along with how often they should run on an infected device. Normally, the data collection function activates every two days and a list of installed apps, location history, MAC addresses of devices connected over Bluetooth and Wi-Fi along with other data is sent back to the cybercriminals.

The amount of data collected on each user varies though as it depends on the permissions a user granted an infected app during installation. The best Android phones running Android 11 or higher are better protected against this arbitrary data collection, but as McAfee notes, even recent versions of the operating system like Android 13 still have enough permission to gather sensitive data in 10% of the apps infected with the Goldoson malware.

How to stay safe from Android malware

At the time of writing, most of the apps on McAfee’s list have removed the third-party library used to infect them with the Goldoson malware. The ones that haven’t have been temporarily taken down from the Play Store.

Still though, if you have any of the apps in question installed on your smartphone, it’s still a good idea to remove them for the time being. Once enough time has passed and the apps have been fixed in an update, then you can reinstall them but you should still be cautious.

One of the easiest ways to stay safe from malicious apps and Android malware in general is to limit the number of apps installed on your smartphone. Instead of just installing any popular app, you should instead pick and choose and only have the most essential apps running on your smartphone.

Installing one of the best Android antivirus apps can help keep you safe from Android malware. At the same time though, you should also ensure that Google Play Protect is enabled on your smartphone as it scans both your existing apps and any new apps you download for malware.

Unlike the other malicious apps we’ve covered in the past, this time around it was the use of a third-party library that led to legitimate apps being infected with malware. This is why you need to be careful when installing any app on your Android smartphone.

More from Tom's Guide

• This is the most amazing phone that’s probably not coming to the US
• Hackers are using this new Chrome zero-day in their attacks
• Rilide malware is stealing 2FA codes and passwords

Hackers have come up with yet another way to get around Google’s defenses in order to get their malware-filled apps on the Google Play Store.

According to a new report from the cybersecurity firm Kaspersky, malicious loader programs are being sold on dark web marketplaces, priced from $2,000 all the way up to $20,000. These programs enable hackers to hide malware in legitimate apps in such a way that prevents Google from detecting it.

Also known as dropper apps, these programs often present themselves as legitimate software. Then, after clearing the Play Store’s review process, they then gain malicious updates from a server controlled by hackers. Their creators often wait until the apps have a large user base before adding malware to them, to infect the maximum amount of users.

In its report, Kaspersky notes that "the most popular application categories to hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners and even dating apps."

While loader programs are used to inject malware into clean apps according to The Hacker News, the users who download them are prompted to grant these apps extra permissions that are used to facilitate malicious activities. Likewise, some of these apps utilize can detect if they are being debugged, analyzed or installed in a sandboxed environment. If this is the case, they halt their malicious activities to prevent being analyzed by security researchers.

Fake developer accounts and APK binding services

Loader programs aren’t the only way hackers are sneaking malware onto the Google Play Store.

Kaspersky also highlights the fact that hackers are buying hacked or newly created Google Play developer accounts for $60-$200 on dark web marketplaces as well. At the same time, developer accounts that don’t have a strong password or two-factor authentication (2FA) enabled can be easily cracked and put up for sale. This is actually worse as hackers can then upload malware to existing apps, many of which already have a large user base.

APK binding services are yet another way hackers can get their malware into legitimate apps. They are used to hide malicious APK files (or Android installation files) inside another app to distribute malware through fake sites or phishing text messages.

One reason APK binding services are more popular is that they cost significantly less than loader programs due to the fact that the malicious apps they contain are not available through the Play Store.

How to stay safe from malicious apps

To avoid having your Android smartphone infected with malware, the first thing you need to do is limit the number of apps on your device. Sure, an app may be free but that doesn’t mean it’s worth downloading. Instead, you need to carefully pick and choose which apps you have installed on your smartphone.

When installing new apps, you want to first check their rating and read reviews on the Play Store. However, as these can be faked, you also want to look for external reviews on other sites while video reviews are ideal since you can see the app in question in action.

For additional protection though, you also want to install one of the best Android antivirus apps on your phone and make sure that Google Play Protect is enabled as it continually scans your existing apps as well as any new ones you download for malware.

In an email to Tom's Guide, a Google spokesperson provided further insight on the steps it takes to ensure Android apps in the Play Store are safe, saying:

“Google Play has policies in place to keep users safe that all apps must adhere to. All Android apps undergo security testing before appearing in Google Play. We take security and privacy claims against apps seriously, and if we find that an app has violated our policies, we take appropriate action. Users are also protected by Google Play Protect, which can warn users or block identified malicious apps on Android devices.”

Still though, security is like a game of cat and mouse and even as Google bolsters the Play Store’s defenses against malware and malicious apps, hackers will find a new way to bypass these restrictions. This is why you need to be careful when installing new apps, even on one of the best Android phones.

More from Tom's Guide

• Android phones vulnerable to remote hacking
• FBI issues warning over public phone chargers
• Android malware stealing passwords from 400 banking apps

Android phones will soon be able to save you some extra storage space thanks to the Google Play Store's new "app archiving" option, which just got announced on the official Android Developers Blog.

When this feature rolls out, and when you try to download a Play Store app onto a device that's already filled its onboard storage, an auto-archive pop-up will appear to help you make space. Accepting the prompt will then let the Play Store automatically remove data from infrequently-used apps (up to 60% or so of an app's total size) until there's enough room for the new one to be installed.

You'll be able to tell which apps have been archived by looking for the white cloud download symbol on top of the app. Crucially, any personal data you've got from using the app won't be deleted, and the icon will remain where you left it on the home screen, so you can always re-download the app and get back to quickly using it as normal. 

Developers will need to set up their apps in a different way, by using Android App Bundles instead of APK files, in order for the Play Store to auto-archive them. This could mean it's a bit of a wait for certain apps to offer this. But Google's incentivizing devs to use the new option with the tempting promise of reducing users uninstalling apps fully.

A simple but effective upgrade

We're glad to see app archiving is finally launching, as we've been waiting since Google's original March 2022 announcement for it to be made available. 

Even the best Android phones can offer only 128GB of storage in their basic forms, which can fill up quickly for active phone users. Having the option to retain the key parts of an app but freeing up some space for more immediately useful things sounds excellent though. So hopefully Android developers will implement this quickly onto all our favorite Android apps.

That said, we usually find photos and videos are the most space-hungry files stored on our devices. If that's the case for you too, consider looking at our best cloud storage recommendations so you can keep your pics safe without needing to keep them on your phone. 

There's also Android 14 to look forward to, which is currently in beta but will be launched publicly later this year. It's not looking to be a huge upgrade, but is offering some nice improvements like passkey support and the ability to hide your PIN preview from potential spying eyes.

More from Tom's Guide

•  I ditched Android for iPhone for a year — here’s what happened 
•  Samsung’s weird web app gives you a taste of Android from your iPhone 
•  9 Android camera features that will help you take way better photos 

Following the recent success of Temu, you might be looking for other online shopping apps with great deals. However, there’s one in particular you need to watch out for following a new warning from Google.

According to a new report from TechCrunch, the search giant has flagged several apps made by the Chinese e-commerce giant Pingduoduo as malicious since they contain malware.

In fact, over the last few weeks, Chinese security researchers have gone as far as to accuse the rising e-commerce company with 800 million active users of making Android apps with malware specifically designed to monitor users.

If you’re one of the people that has downloaded Pingduoduo looking for a great deal, you should immediately delete the app or risk having your shopping habits monitored and scrutinized by a Chinese company.

Not all of Pinduoduo’s apps contain malware

Although several of Pinduoduo’s Android shopping apps have been found to contain malware, the official version — that up until recently was available on the Google Play Store — did not.

In a statement to Tom’s Guide, a Google spokesperson provided further insight on the matter, saying:

“Off-Play versions of this app that have been found to contain malware have been enforced on via Google Play Protect. Google Play Protect checks Android devices with Google Play Services for potentially harmful apps from other sources. Google Play Protect enforcement has been set to block installation attempts by these identified malicious apps. Users that have malicious versions of the app downloaded to their devices are warned and prompted to uninstall the app. We have suspended the Play version of the app for security concerns while we continue our investigation.”

What this means is that Google’s built-in security app, Google Play Protect is now warning users that have Pinduoduo installed that it may be malicious. At the same time, the official version of the app has been removed from the Play Store.

To make matters worse, a security researcher that spoke with TechCrunch anonymously told the news outlet that some of Pinduoduo’s apps have been exploiting zero-day flaws to hack users. However, in a statement, a company spokesperson rejected both Google and the security researcher’s claims.

How to stay safe from malicious shopping apps 

Besides having Google Play Protect enabled on the best Android phones, you may also want to install one of the best Android antivirus apps for additional protection from malware and other viruses.

As for trying out new shopping apps, you always want to be careful given how much information you need to provide to order items from them. Besides your address, you also have to provide your credit card information to complete an order. As such, if a shopping app is malicious, hackers have more than enough information to commit identity theft.

This is why you should stick to known and trusted apps and services when shopping online. Likewise, if a deal or even an app full of deals seems too good to be true, it probably is.

Pinduoduo’s official Android app may return to the Play Store eventually once Google completes its investigation into these claims the app is spreading malware.

More from Tom's Guide

• Xenomorph Android malware can steal passwords from 400 banking apps
• This Android malware is spreading like wildfire after going open source
• Hackers have developed a clever new way to add malware to Android apps

Online services often require you to enter a one-time code sent to your mobile number in order to verify your account. However, what happens when you don’t have a phone number or live in a country where a particular app or service is banned?

In this case, many users turn to virtual numbers to receive a one-time code so that they can verify their new accounts but these virtual numbers have to come from somewhere though.

A security researcher at the cybersecurity firm Evina has discovered a fake SMS app for Android that secretly uses the phone numbers of those who have installed it to send out one-time codes for other users according to BleepingComputer. 

Hijacking phone numbers to help others verify their accounts

The app in question is called Symoo and it has been downloaded over 100,000 times. At the time of writing, it’s no longer available on the Google Play Store. Still though, it has a 3.4 star rating even though many users have complained it’s fake.

After being installed on a user’s device, Symoo requests permission to send and read text messages which isn’t surprising since the app’s description says it’s a “simple use sms application”. The app then asks the user to provide their phone number and a fake loading screen appears as an overlay. During this time, the creators of this malicious app send out multiple two-factor authentication (2FA) text messages to help others create and verify new online accounts.

Once the fake loading screen disappears, the app freezes and those who installed it aren’t able to use it for its intended purpose. While most users then uninstall Symoo, the damage is already done since the cybercriminals behind it already have your phone number.

Symoo isn’t the only app doing this as the security researcher who discovered it, Maxime Ingrao also found that SMS data extracted from it was sent to a domain used by the app Virtual Number. Just like with Symoo though, it has been removed from the Play Store.

A Google spokesperson provided further insight on the matter in a statement to Tom's Guide, saying: 

"The apps identified - Symoo (com.vanjan.sms) and ActivationPW (com.programmatics.activation) - have been removed from Google Play and the developer has been banned."

How to stay safe if you downloaded this fake SMS app

If you downloaded Symoo or any other suspicious SMS apps, you need to delete them immediately. As I mentioned before though, the damage is already done since your phone number is in the hands of cybercriminals. As such, you may want to consider changing your number if you don’t want to constantly be interrupted with one-time codes from other users trying to create accounts.

At the same time, you need to be extra careful when downloading new apps onto your Android smartphone. While Google Play Protect is able to scan new apps and any installed on your device for malware, the same can’t be said for more elaborate scams like this one. For extra protection from other threats though, you may want to consider installing one of the best Android antivirus apps.

When it comes to protecting your phone number, you want to avoid giving it out freely and instead of third-party SMS apps, you should use the one that came installed with your phone. While there are some reputable text messaging apps for Android, it just isn’t worth the risk of having your mobile number exposed online.

Read next: for something more cheerful read how Starfield has survival elements but won’t warp your mind with dull tasks.

Five malicious Android apps that appear innocent-looking at first glance have been discovered on the Google Play Store and are being used to steal banking information from unsuspecting users.

According to a report from ThreatFabric, these malicious apps pose as finance trackers and other utilities like file managers to trick potential victims into downloading them in the first place. However, this appears to be working as the five malicious apps discovered by the firm’s researchers have been downloaded over 100,000 times combined.

Even though Google scans apps submitted to the Play Store for malware and other viruses, the apps in question were able to slip past its defenses as they don’t actually contain any malicious code. Instead, these apps are known as malware droppers since they download their malicious payloads onto one of the best Android phones after being installed.   

In ThreatFabric’s report, the fraud detection firm says that there has been an uptick recently in the use of malware droppers by cybercriminals as they offer an easier way to infect vulnerable devices with a much lower chance of being discovered.

Remove these apps from your devices immediately

If you have any of the apps listed below installed on your Android smartphone or tablet, you will need to manually delete them immediately. However, it’s also worth taking a look at Threat Fabric’s research, as the firm has also included a list at the end of its blog post with all the banking apps and crypto wallets targeted by the malware these droppers leave on an infected device.

• Codice Fiscale 2022 - 10,000 downloads
• File Manager Small, Lite - 1,000 downloads
• Recover Audio, Images & Videos – 100,000 downloads
• Zetter Authentication – 10,000 downloads
• My Finances Tracker – 1,000 downloads

Using malware droppers to spread banking trojans

The app ‘Codice Fiscale 2022’ targets Italian users looking to calculate tax payments but once installed on a user’s device, it drops the SharkBot banking trojan. Likewise, the app ‘File Manager, Small, Lite’ also drops this same Android malware.

SharkBot has been growing in popularity over the past few months and it is used by cybercriminals to steal banking and other credentials from victims by displaying fake overlays when they try to login. According to ThreatFabric, this banking trojan is capable of stealing usernames and passwords from Barclays, Citi, Capital One, Wells Fargo, PayPal and other banking apps but it can also intercept 2FA codes sent via text, perform keylogging and remotely take over an infected device.

Both of the apps in question infect user devices with SharkBot by prompting them to install a fake update which is hosted on a site designed to look like the Play Store. While examining the URL would show the update is fake, newer versions of Android warn users when an app requests to use the “REQUEST_INSTALL_PACKAGES” permission according to BleepingComputer.

The apps ‘Recover Audio, Images & Videos,’ ‘Zetter Authentication,’ and ‘My Finances Tracker’ work in a similar way but drop the Vultur malware instead of SharkBot. However, like the former, Vultur can remotely stream the contents of your smartphone’s screen and perform keylogging on your device. All of this data is sent back to the cybercriminals responsible and is then used to commit fraud.

These three malicious apps also display a request to install a fake update disguised as a Play Store notice after being loaded onto a victim’s phone. If a user installs this fake update, their smartphone is then infected with the Vultur malware.

In this campaign though, ThreatFabric’s researchers spotted a new Vultur variant that can also perform UI logging and record clicks, gestures and every other action a victim takes on their smartphone. When it comes to banking apps and crypto wallets, this malware targets crypto.com, Amex, Barclays, Coinbase, eToro, Robinhood, Cash App and many other popular financial services.

How to stay safe from banking trojans and other malware

When it comes to staying safe from malicious apps, your best bet is to avoid sideloading apps entirely and only downloading new apps from official stores like the Play Store, Amazon App Store or the Samsung Galaxy App Store. While this won’t work in this case, it’s a good general rule of thumb to avoid having your smartphone infected with malware.

As such, you need to be extra careful when installing apps onto your Android smartphone or tablet. Before installing any new app, you first need to consider whether or not you really need it. From there, you should read the reviews and check the app’s rating on the Play Store but looking at external reviews (preferably video reviews) is a good idea as well since cybercriminals often use fake reviews to make their bad apps seem more appealing.

Thankfully, malware droppers - like the five malicious apps described above – often require you to install an update after putting them on your phone. If an app tries to do this and the update isn’t being delivered by Google through the Play Store, this is a major red flag and you should delete the app in question immediately.

As for staying safe from malware, you'll want to ensure that Google Play Protect is enabled on your Android devices since it automatically scans for malware in the background. For additional protection though, you'll also want to install one of the best Android antivirus apps on your smartphone or tablet. 

Google’s engineers work tirelessly to rid the Play Store of malicious apps. However, since they don’t contain any malicious code, malware droppers are more likely to bypass the search giant’s security measures, which is why you always need to watch out when installing any new app on your Android devices.

Google frickin’ loves data, sucking it up with a seemingly unquenchable appetite. Now the more privacy conscious among you will balk at the idea of that, and to Google's credit, it lets you tell it to keep its data sniffing out of your internet personal space. But to Google, I say, “Go ahead, have your fill.” 

Is that because I love to be tracked? Well, not really, though Google Maps’ record of where the heck I’ve trekked to after a night of heavy drinking is excellent. No, it’s because Google will occasionally pay me to give it some slithers of granular data. This is thanks to the Google Opinion Rewards app. 

Available on Android and iOS, this Google app basically serves up surveys, prompting you to answer them; at the end, it gives you some credit for spending in the Play Store or PayPal, all for tapping through some answers that take less than 10 seconds.

Sure, this isn’t a get-rich-quick app. But over time the credit from the surveys adds up, sometimes at quite a rate. And soon you'll find you have enough credit to buy a mobile game or perhaps a movie to download onto your phone or tablet.

From doing this I’ve managed to pay for in-app purchases, buy a couple of games and get a digital download of 2021’s Dune. All in all, my rewards have totaled to £54.24 in Play Store credit (that’s roughly $61 or AU$96) — not bad for what must be cumulatively only a few minutes of work over the past few years.

Of course, this does raise the uneasy question of whether I’m giving up too much information to Google, given it will know the date and location of a particular store I entered and if I spent any money in there. Were that data ever to be used to monitor me and decide if I’m worthy of healthcare support given I happen to be visiting a local fast food spot several times a week, or something to that effect, that would be alarming. But that's more of a future dystopian problem to concern ourselves with later.   

And on close inspection of the app, on Android Google Opinion Rewards assures users that data isn't shared with third parties, is encrypted and can be subject to an independent security review. Users also can request for the data to be deleted. On iOS, the app claims data is aggregated and the answers are anonymous and not linked to any personally identifiable information. So that’s reassuring, though I’m sure if anyone wanted to know more about me, they could easily find that out online without needing leaked Google data — such is the internet-centric lives many of us now lead.

My only other concern is there's something of a Pavlov's dog situation here, whereby as I'm rewarded for competing each survey, I now get a slight flutter of excitement every time I get a notification that a new survey is ready. So much for being a strong independent thinker...

Nevertheless, at a time when the cost of living is getting more expensive and people need to be more selective on what they spend their money on, I can thoroughly recommend giving Google Opinion Rewards a go. It’s giving you free money or credit for very little effort and not really that much data. Yet, thanks to Google Opinion Rewards payouts, you could let you snag one of the best Android games without spending any of your hard-earned cash. That’s a win-win for Google and me, and a no-brainer app that you should try today.

In Android 13, Google introduces new security measures to help protect users from malicious apps and other dangerous malware. However, it appears that hackers have already devised a way to bypass these new protections.

Security researchers at the fraud detection firm ThreatFabric have shed light on a new exploit in a blog post. According to the post, the exploit can allow a malicious app to appear as an app store so that it can bypass Android 13's new security measures.

As reported by Android Police, this new exploit builds on top of older malware that uses Android’s accessibility services to make it easier to access users’ private data, passwords and more.

Limiting access to Android’s accessibility services

Unlike in previous versions of Google’s mobile operating system, Android 13 no longer allows sideloaded apps to request access to a phone’s accessibility services.

Although there is currently a workaround that requires you to activate access under the app info screen, it could be removed by the search giant ahead of Android 13's wider release. (The updated software is available as an OTA update for Pixel phones.)

The reason Google decided to make it more difficult for sideloaded apps to gain access to accessibility services is due to the fact that malicious apps and other malware usually ask for additional permissions during installation. Now if you download an app from outside of an official app store, it will be harder for that app to access your contacts to spread spam or appear over other apps.

There is a catch though, as many people rely on accessibility services to make their devices more usable. All apps downloaded from the Play Store or third-party app stores like F-Droid, or the Amazon App Store are exempt from this restriction.

Using app stores to bypass Google’s security measures

Allowing apps downloaded from official app stores to access accessibility services in Android 13 makes sense as, just like Google does on the Play Store, other official stores screen new apps to ensure they aren’t malicious by carefully checking their code.

However, malware developers from the Hadoken group are now using this to their advantage in the form of the new exploit discovered by ThreatFabric researchers, who have dubbed the exploit "BugDrop."

The exploit itself comes in two parts with the first part installing a "dropper" app that acts like an app store on a victim’s device. From here, a session-based package installation API is used to install another app that actually contains malware.

Fortunately, ThreatFabric says that this malware is still in the early stages and that at the moment, it’s incredibly buggy. Nevertheless, it could be used to infect smartphones with malware once more phone makers start rolling out their Android 13 updates.

How to stay safe when downloading new apps

First things first, you should never sideload apps on your Android smartphone and should instead download them from official app stores. However, bad apps do manage to slip through the cracks from time to time, which is why you should always look at an app’s reviews and ratings first.

At the same time, you should avoid installing apps you don’t really need and delete any apps you’re no longer using. Enabling Google Play Protect on your devices is another way you can stay safe since Google’s own Android antivirus app scans all of the apps you have installed for malware and other threats. 

When it comes to permissions, you should be wary of any app that asks for permissions it may not actually need such as being able to draw over other apps. Apps that request access to Android’s accessibility settings should also be treated with extra caution.

Only days after McAfee revealed news of a new malware strain affecting millions of devices via apps downloaded from the Google Play Store, there's more concerning news for Android users.

In a new report, the cybersecurity firm Trend Micro has brought to light the existence of 17 more apps which have been dropping malware on Android devices. According to the company, the malware responsible, dubbed 'DawDropper', is "capable of stealing banking information, intercepting text messages, and hijacking infected devices."

The apps themselves are no longer on the Play Store, but it's important you take a look at the full list below and delete them from your devices immediately, as they can still be doing damage if left installed. Then, change the passwords for all of your highly sensitive accounts, such as your bank accounts and email. We've detailed some more advice at the bottom of this article.

Delete these apps now if you still have them installed

• Call Recorder
• Rooster VPN
• super Cleaner
• Document Scanner
• Universal Saver Pro
• Eagle photo editor
• Call recorder pro+
• Extra Cleaner
• Crypto Utils
• FixCleaner
• Universal Saver Pro
• Lucky Cleaner
• Just In: Video Motion
• Ducment Scanner Pro
• Conquer Darkness
• Simpli Cleaner
• Unicc QR Scanner

What is DawDropper and how does it work?

A 'dropper', as it is known in the cyber security industry, is a trojan which infiltrates a device and installs another piece of malware — this is called delivering its payload.

DawDropper has, according to Trend Micro, been identified in several variants, each dropping a different payload: Octo, Hydra, ERMAC and TeaBot. These run different executables which will affect a user's device in different ways. Essentially though, they all want to steal your sensitive data. To do it, they're packaged in seemingly innocent apps, many of which offer ostensibly useful services such as cleaning up your device but the reality couldn't be further from that. The Octo malware, Trend Micro goes on to explain, is able to record your screen to steal important information such as passwords and PINs, and then keeps your device awake, despite turning off the screen, allowing it to upload this data to attacker controlled servers.

They also report that DawDropper is a DaaS or Dropper-as-a-Service model of malware, which means that somebody has paid the creators of the malicious code to steal data for them. It's a safe bet then that the intention of stealing this data really is to use it nefariously, so you shouldn't merely hope for the best and get to work on securing your devices immediately.

Thankfully, this malware has been caught, but it isn't a great look for the Google Play Store, especially not after having been called out by McAfee just days ago. What's more, based on Trend Micro's findings, the Octo payload even disables Google Play Protect, the safety net which is supposed to stop downloaded apps executing harmful code. 

Trend Micro also noted that these apps were also available on the Apple App Store, although they do not state whether there are similar security concerns. Historically, iPhones have been seen as safer than Android devices, as software cannot be installed from third parties outside the App Store without jailbreaking a device. However, the iOS safety net relies on the assumption that no malicious apps are on the App Store, so it remains to be seen as to whether or not iOS devices are affected by these apps as well. The safest thing to do if you're an iPhone user is to delete these apps immediately if you have them installed.

What to do if you've installed one of the affected apps

As we mentioned earlier, you'll want to delete the affected apps and change important passwords and PINs immediately, ideally on a separate device. It's also worth installing one of the best Android antivirus apps and scanning your device for threats and removing any installed malware. If you need to change passwords on the same device you have the apps installed on, then run a device scan first.

To keep yourself safe in the future, firstly make sure you refer to our guide on how to keep your phone safe from hackers. You'll also want to ensure Google Play Protect is enabled on your device. However, as with this case, Play Protect can be bypassed. Trend Micro have accordingly provided some helpful advice for users on how they can stay safe when downloading new apps:

• Only install apps from trusted sources, and do not download them from websites which look suspect.
• Check user reviews of the app before installing, to make sure there aren't any concerns or suspicious app behaviours reported.
• Look into app developers and publishers if you can, to verify their credentials before you install an app.

• Next: This new Chrome malware spies on your Gmail. Protect yourself now. 

Update August 1: There's a new report of auto-starting Android malware infecting millions of devices. And we have a list of more apps you'll want to delete. 

Another batch of malicious apps filled with adware and malware has managed to slip past Google’s defenses and end up on the Play Store.

In order to trick unsuspecting users into downloading them, these 36 malicious apps pose as image-editing tools, virtual keyboards, system optimizers, wallpaper changers and other useful tools. 

While these apps promise to add new functionality to your Android smartphone, they actually push intrusive ads, subscribe users to premium services and steal social media accounts instead, according to BleepingComputer.

The malicious apps were discovered by security researchers from the antivirus software maker Dr. Web who provided further insight on each of the individual apps in a new report.

Although Google has removed most of these bad apps from the Play Store, you will still need to uninstall them manually if you have any of them on your Android devices.

Delete these Android apps: Full list 

• Photo Editor: Beauty Filter 
• Photo Editor: Retouch & Cutout 
• Photo Editor: Art Filters 
• Photo Editor - Design Maker 
• Photo Editor & Background Eraser 
• Photo & Exif Editor 
• Photo Editor - Filters Effects 
• Photo Filters & Effects 
• Photo Editor : Blur Image 
• Photo Editor : Cut, Paste
• Emoji Keyboard: Stickers & GIF
• Neon Theme Keyboard 
• Neon Theme - Android Keyboard 
• Cashe Cleaner
• FastCleaner: Cashe Cleaner
• Call Skins - Caller Themes
• Funny Caller 
• CallMe Phone Themes
• InCall: Contact Background 
• MyCall - Call Personalization 
• Caller Theme
• Caller Theme 
• Funny Wallpapers - Live Screen 
• 4K Wallpapers Auto Changer
• NewScrean: 4D Wallpapers
• Stock Wallpapers & Backgrounds 
• Notes - reminders and lists 

Adware apps that keep running in the background

In addition to just being annoying, adware apps can quickly drain your smartphone’s battery as many of them are designed to continue running in the background even after you close them.

The ones discovered by Dr. Web are actually modifications of existing adware families that first showed up on the Play Store back in May of this year.

These adware apps are also able to run on top of other apps as they request permission to use overlay windows during installation. However, they can keep running in the background as well by adding themselves to the battery saver’s exclusion list in Android.

To make matters worse, many of these adware apps also feature the ability to hide their app icons in the app drawer or replace them with a different icon that resembles a core system component such as “SIM Toolkit”.

Of these adware apps, Neon Theme Keyboard by Nataļja Kokorevičs (which is still up in the Play Store at the time of writing) stands out as it has over a million downloads even with a terrible score of 1.8 based on 4,000 reviews. Fortunately though, it does seem like Google Play Protect has begun warning users about the app based on reviews from the Play Store.

Joker apps that subscribe users to premium services

Dr. Web’s researchers also found malicious apps on the Play Store that infect users’ devices with the infamous Joker malware. 

These apps are particularly dangerous since this malware strain has the ability to sign up victims to premium subscription services without their knowledge. Unfortunately, two of the malicious apps in Dr. Web’s list (Water Reminder- Tracker & Reminder by YPC Dev and Yoga- For Beginner to Advanced by ALHASSAN) are still available to download and have yet to be removed from the Play Store.

Although both apps actually provide the functionality described in their Play Store listings, they also perform malicious actions in the background.

Image editing apps that steal your Facebook account

Having your Facebook account hacked can be devastating, especially when it’s a Facebook Business account, which is why two of the malicious apps discovered by Dr. Web’s researchers need to be uninstalled immediately.

These two apps (YouToon – AI Cartoon Effect and Pista – Cartoon Photo Effect) disguise themselves as image editing tools that can apply cartoon filters over regular images and have been downloaded from the Play Store over 1.5 million times.

Both apps have been designed to steal data from your Android smartphone that can be used to hack into your Facebook account.

Protecting yourself from malicious apps on the Play Store

In order to avoid intrusive ads, being subscribed to premium services against your will or having your social media accounts stolen, the first thing you should do is look through the list above to make sure that none of these malicious apps are installed on your Android smartphone or tablet. 

If they are, remove them immediately and consider using one of the best Android antivirus apps to look for any viruses that may have been left behind.

At the same time, you should also avoid installing apps from unknown sources and instead download them from official stores like the Google Play Store, Amazon App Store or Samsung Galaxy App Store. 

Even then, bad apps do manage to slip past Google’s defenses from time to time which is why you should always check user reviews and ratings, visit developer websites and read the privacy policy of every app you install. I know it’s a lot but it’s worth doing if you want to be on the safe side.

Finally, you should ensure that Google Play Protect is active on your devices as it regularly checks for malicious apps and warns you if you try to install one.

Google will reinstate app permissions on the Play Store after the company had replaced them for a Data Safety section that gives users an idea of what data apps are collecting and how it is used. 

App permissions on Play Store listed the permissions that an app used. These permissions were listed by Google in contrast to Data Safety labels, which were listed by individual app makers. They simply detailed how apps could potentially gather your personal information. 

The removal of app permissions from Play Store listings meant users weren't getting a complete picture of apps and what they could access. There wasn't any way to compare the information coming from Google with that supplied by the app developers.

Google introduced Data Safety labels last year but the feature was rolled out on Android phones only in April 2022. Since then, users noticed it replaced some key information on app pages and removed app permissions from Play Store completely. You could still go to the apps menu on your phone and check out permissions for the individual app.

This resulted in an online backlash, and Google has now finally rolled back on its decision to remove app permissions. The software giant said in Twitter thread that the feature will be reinstated. 

In that tweet, Google mentions that the app permissions list and the Data Safety section will coexist, so it should be readily transparent to look what data an app is really using. That said, I couldn't spot the change on my Android phone at the time of writing this; Google says app permissions should “be back shortly”.

Google’s Data Safety section is similar to Apple’s app privacy labels that launched in 2020 to show users what data apps collect across three categories: data used to track you, data linked to you and data that is not linked to you. 

Google labels, on the other hand, show the data an app developer is collecting, their security practices and if they share that information. Google also recently ran into a problem with their labels as individual app developers didn’t update their own permissions. So companies like Facebook and Amazon did not have any permissions up on the Play Store. 

Google makes it mandatory for developers to declare the Data Safety section for their apps, with the rule going into effect earlier this week. The tech giant also mentions it will take action against an app if it finds inaccuracies in the Data Safety section. 

With Google now reinstating app permissions on the Play Store, it’s a win-win situation for Google and us and hopefully, we will not be left in the dark about what apps are doing with our data. 

Read next: Google's Family Link parental control app just got a big upgrade — here's what you need to know

Update: Google is making it easier to find good Chrome extensions, here's how

If the past few days are anything to go by, you should be extra cautious when it comes to downloading apps from the Google Play Store. 

That’s because there's been a spate of malware that’s managed to sneak into legitimate-looking apps that were hosted on the Play Store. Through various obfuscation methods, like hiding links to malware in the apps rather than actually loading them with malicious code, these apps were able to circumnavigate Google's security measures. 

Case in point: Google recently pulled six antivirus apps from the Play Store that were loaded with Sharkbot, a type of trojan malware that was used to trick people into inputting their account and banking details, which were then sucked up and passed back to a command and control server for hackers to use at a later date. 

Given these apps posed as fairly legitimate Android antivirus tools, it’s easy to understand how they were downloaded and installed some 15,000 times. 

And the second major malware-loaded app purge saw Google ban a group of apps that were present on a massive 60 million devices and were found to be sending detailed data to a company with links to the U.S. security agencies.

The apps did this pilfering via a software development kit (SDK) embedded in them that was capable of collecting data on a device's location, personal details, clipboard and certain files, as well as devices on the same Wi-Fi network. 

The SDK harvesting this data came from a Panama-based company named Measurement Systems. It allegedly paid developers between $100 and $10,000 a month to include the code in their apps, saying to one of the developers that it was gathering data for ISPs, finance and energy companies, with a focus on users in the Middle East, Asia, Central and Eastern Europe.

Somewhat worryingly, after researching Measurement Systems, Serge Egelman and Joel Reardon, a pair of security researchers from AppCensus, found that the SKD was linked to Vostrom Holdings, a Virginian defense firm that works for the U.S. government through another subsidiary, Packet Forensics.

So it’s pretty worrying that apps loaded with such spying tools made their way onto the Play Store.

How to protect yourself from Android malware

Should you be worried? The good news is that Google is very quick to seek out and remove malware or spyware-loaded apps. And security researchers are dedicated to hunting down such apps. But at the same time it’s worth being cautious.

First off, always make sure you install applications only from trusted and verified publishers. If an unknown developer is suddenly offering, say, a game that looks like Call of Duty Mobile or a free Netflix-like streaming service, it could be a dodgy developer trying to trick you to download an app that’s either got malware or will bombard you with adverts; these used to be rather common in the early days of Android.

We also suggest avoiding apps and services that need to be side-loaded unless you are completely sure they come from 100% legitimate sources.

If an app does get your attention, then do a sense check by seeing what else is out there from the same publisher. And do make sure to look at app reviews, star ratings and how many times an app has been downloaded, as these offer a reasonable idea of how legitimate apps are. Apps with tens of thousands of downloads, like Instagram, as well as solid reviews, would suggest an app is safe and legitimate.

Do also avoid apps that ask you for a seemingly inordinate amount of information, especially any that wants you to part with any payment details. A lot of good and legitimate apps will tend to have Google Pay integration.

Android does still have some solid security features built in, but for extra protection check out our picks for the best Android antivirus apps. These antivirus tools can scan your phone and sniff out threats and mitigate them.

If you do encounter some dodgy apps, then make sure to alert Google to their presence. And feel free to flag any suspicious apps you spot to Tom’s Guide and we will investigate them.

Read next: Google's Family Link parental control app just got a big upgrade — here's what you need to know

Update: A new nasty piece of Android malware called Octo has popped up. It allows hackers to take remote control of your phone and steal your banking information and more.

Six deceptive Android antivirus apps have been caught spreading malware that seeks out and steals banking information. 

Cyber security experts Check Point Research found these apps on the on the Google Play Store and discovered that they were distributing malware called Sharkbot. When activated, this malware can steal the banking information and Android user credentials once the app it’s hiding in is installed on an unsuspecting phone. 

It performs this pilfering by using fake forms to trick users into providing sensitive data that can then be sent back to a command and control server, where it's exploited at a later date by hackers and cyber criminals. 

These apps are; "Antivirus, Super Cleaner," "Alpha Antivirus, Cleaner," "Atom Clean-Booster, Antivirus," "Center Security - Antivirus," and "Powerful Cleaner, Antivirus.” 

Check Point Research discovered that these deceptive apps have been downloaded and installed around 15,000 times. So this is malware that's been actively exploited.

Google was alerted to the malicious apps, and has since removed them from the Play Store, but it appears that the damage was already done.

“Despite a fast response from Google, which removed applications linked to threat actor accounts, more attempts were made in Google Play with more droppers from different accounts. They were all subsequently removed as well, but the damage from 15,000 thousand installations was already done,” said Check Point researchers Alex Shamshur and Raman Ladutska.

Intriguingly, Check Point found a geofencing technique was being used in the malware dropper to prevent Sharkbot from targeting users in China, India, Romania, Russia, Ukraine or Belarus. The main targets of the malware spreading were reportedly devices in Italy and the United Kingdom. This approach may have been the reason the malware managed to infiltrate the Google Play Store.

Stay safe from hidden Android malware

Common cyber security advice is to make sure you have an antivirus tool on your smartphone to keep malware at bay. But it’s not always that easy, according to the researchers.

“If a new AV solution appears in Google Play today, there’s no way to guarantee it won’t turn out to be a malware spreading threat tomorrow. This is the exact case we observed with the Sharkbot malware,” said the researchers. “In this spreading scheme, the malware itself is not uploaded to Google Play but rather the intermediate link is, which masquerades as a legitimate software.”

So what can you do to protect yourself from such sneaky cyber attacks? Well Check Point advises that you “install applications only from trusted and verified publishers.” If an app from a new publisher intrigues you, try searching for comparable apps from a trusted developer. Check Point also advices users to report to Google on any suspicious applications they encounter. 

And we’d suggest that if you have any reason to doubt the legitimacy of an Android app to avoid it entirely — especially if it requires a side-loading technique.

If you’re unsure about what antivirus tools to trust, then check out our guide on the best antivirus software, which includes both free and paid tools.

Researchers have found more than 200 "fleeceware" apps in the Apple and Google Play app stores that bring in millions of dollars in fraudulent revenue for their developers. 

Ever downloaded an app that promises a free subscription but then ends up saddling you with hefty charges? According to researchers at Avast who posted their results yesterday (March 24), this isn’t just a sporadic occurrence affecting a few users. 

• The best camera phones right now
• The best Android antivirus apps to keep your phone clean
• PLUS: Slack just backtracked on the worst idea ever

Rather, fleeceware is a scourge tearing through the app stores for the best Android phones and the best iPhones. Avast researchers listed 204 fleeceware apps totaling in excess of a billion downloads — yes, that’s a billion — and generating estimated revenue of more than $400 million.

"Fleeceware" refers to software that promises something for free, but then delivers hidden costly charges. Other types of nefarious apps such as adware or spyware infiltrate devices to generate ad-fraud revenue or pinch users’ data, but fleeceware is cunning in that it tempts users to download software before charging astronomical subscription fees. 

It's also more or less legal, although clearly unethical. Subscriptions to many of these app amount to hundreds of dollars per year, and Avast said the top annual fees can be more than $3,000.

There are various mechanics through which fleeceware tries to hook subscribers, not least through the lure of free trials, but most of these apps over-promise and under-deliver on their services.

These seemingly benign offers then lock users into a “recurring high subscription fee, generating substantial revenue for the developers," according to the Avast report. “There’s also the possibility that users forget to cancel the free trial, resulting in more expensive fees.”

The water is further muddied by fake reviews that falsely bolster the legitimacy of the crooks’ apps. 

“This tactic impairs a user's ability to make an informed decision about the application at hand,” said Avast.

Children, too, are affected, frequently downloading what appears to be an innocuous app with parents discovering the extortionate fees “weeks or months later” on their bank statements. 

Furthermore, said Avast, "it appears that part of the fleeceware strategy is to target younger audiences through playful themes and catchy advertisements on popular social networks with promises of ‘free installation’ or ‘free to download’."

"By the time parents notice the weekly payments," the report added, "the fleeceware may have already extracted significant amounts of money."

A very lucrative business

Avast has posted lists of the fleeceware apps it found: 134 fleeceware apps in the Apple App Store and 70 fleeceware apps in the Google Play Store.

Many of the apps offer horoscope or palm readers, simple photo filters or music-making effects or lessons and PDF document scanners/QR code readers. Avast researchers found that the apps often pledged a three-day free trial before the subscription started.

Avast used estimates from app-industry analysts Sensor Tower to gauge the profitability of the apps. The Android apps have more than 500 million downloads, Sensor Tower estimated, and have earned about $38.5 million.

The iOS apps were even more lucrative. Although they also had been downloaded about 500 million times, their estimated revenue was nearly 10 times as much; Sensor Tower figured it at $365 million.

Sensor Tower told Avast that these apps "are actively advertising on major social networks such as Facebook, Instagram, Snapchat and TikTok."

We checked a few apps from both of Avast's lists, and all were still available for download at the time of this writing. Avast said it had notified Apple and Google of the apps and asked the companies to review them for violations of the app stores' terms of service.

If you've been bilked by a fleeceware app, your options for getting any money back are limited. Google and Apple are not responsible for reimbursing you after a set amount of time has passed. 

Despite the fact that legitimate companies often refund exorbitant charges out of goodwill — such as when children run up huge credit card bills by buying in-game items — there's no obligation for companies to do so, and people may have to resort to getting their banks involved to process chargebacks.

Fleeceware is a very tricky affair. It's quite obviously very unethical, but one that seems to occupy a legal grey area. It's also worth being mindful of the resilience of these apps, because many of them keep charging users' credit cards even after the apps have been deleted from users' phones.

You can head over to the Apple and Google support pages to find out more on how to best manage your subscriptions. In the meantime, keep an eye out for anything untoward in the mobile app wild west!

MORE: Best free Android apps

Security researchers detected 29 Android applications that harbored malware and amassed at least 3.5 million downloads.

The dodgy apps, discovered by cybersecurity firm White Ops, bombarded users with intrusive adverts, didn’t perform intended functions and were nearly impossible for users to delete as the apps' launch icons would suddenly vanish.

• Stay safer online with the best antivirus software you can get
• Best VPN: pick the ideal provider for watertight privacy
• Just in: Disney, Microsoft, Nintendo and 50 more hit by source code leak

Dodgy photo editors

In a blog post, the White Ops Satori Threat Intelligence researchers said they came across the malicious apps when they were threat-hunting and noticed that the apps in question had “manifested suspiciously high volumes of ad traffic”.

White Ops has named this campaign ChartreuseBlur as most of these apps were photo editors that contained “blur” in their titles. The researchers also questioned the legitimacy of the apps as the names of their developers sounded similar. 

“The developer name for Square Photo Blur —'Thomas Mary'— is almost certainly bogus," noted the researchers. "All of the apps in this investigation feature developers whose 'names' are common English language names smashed together, seemingly at random.” 

What’s more, the majority of the apps had negative reviews on the Google Play Store. White Ops said the poor write-ups “suggest the app is barely functional with many reports of OOC [out-of-context] ads”.

In-depth analysis 

During their investigation, the researchers analyzed an app called Square Photo Blur and noted that it was similar to the other apps. 

To avoid being detected by Google Play's malware screeners, the ChartreuseBlur apps were kitted out with a so-called three-stage payload evolution.

"In both Stages 1 and 2, the code appears innocent, but if there’s going to be ad fraud, the app needs to render the code to do so and the Satori team spotted it during Stage 3,” they explained.

In the first stage, the app employs a Qihoo packer as part of the installation process. As noted by WhiteOpps, this isn’t out of the ordinary because packers are often used for preventing piracy. 

But WhiteOpps pointed out that despite this, “all of the malicious activities, services, and broadcast receivers were declared in their manifests.”

The apps also used stubs, which essentially play the role of a placeholder when developers are testing code. White Ops found that the stubs were “used as a bridgehead for Stage 2”.

Malicious aims

During the second stage, the researchers said the Square Photo Blur app was “being used as a wrapper around another Blur app”. 

But the app wouldn't be malicious at this point because the crooks want users to think the app is real.

In the third stage, things quickly change when “the malicious code is finally revealed.” This is when the out-of-context adverts appear -- and they're visible whenever users unlock their devices, put the devices on charge or switch cellular data and Wi-Fi on or off. 

The malicious apps have all been removed from the Google Play Store, but White Ops has posted a list of the app names and package names. 

Threat actors often develop mobile apps that look legitimate but are actually filled with malware. To protect yourself, you should only download apps from reputable sources, read reviews and check what permissions an app wants to access.

You'll also want to use and install one of the best Android antivirus apps, some of which are quite inexpensive or even free.

• More: Protect your mobile with Android antivirus and Android VPN apps

A new variant of the Joker dropper and premium dialer malware recently made its way into 11 apps in the Google Play Store, reports information-security firm Check Point.

According to Check Point's report, released today (July 9), the creators of Joker have updated its code to enable it to get around Google Play security measures and infect Android devices yet again.

• Stay safer online with the best antivirus software you can get
• Best VPN: pick the ideal provider for watertight privacy
• Just in: Android banking malware downloaded 10,000 times from Google Play

Checkpoint researchers said the latest variant of Joker hid in “seemingly legitimate applications” and installed “additional” malware onto the devices of unsuspecting users.

They explained that the malware then “subscribes the user to premium services without their knowledge or consent.” 

The latest strain of Joker was found in 11 different apps, including a flower wallpapers app, a file-recovery app, an alarm app, a memory game and several apps that offered cheery messages or relaxation. All were removed from the Google Play store by April 30, according to a Check Point press release.

Leveraging old tactics

To avoid detection of the malware, Joker’s creators usually make small changes to the code. For example, 24 apps were booted from Google Play in September 2019 for harboring Joker.

But the Check Point researchers said that this time around, the malware developers “adopted an old technique from the conventional PC threat landscape and used it in the mobile app world.”

“To realize the ability of subscribing app users to premium services without their knowledge or consent, the Joker utilized two main components – the Notification Listener service that is part of the original application, and a dynamic dex file loaded from the C&C server to perform the registration of the user to the services,” wrote the researchers. 

The researchers said Joker’s creators “hid the dynamically loaded dex file from sight while still ensuring it is able to load”, a method they said is usually adopted by cyber crooks developing Windows malware. 

“This new variant now hides the malicious dex file inside the application as Base64 encoded strings, ready to be decoded and loaded.”

What to do if you're infected

For users who have downloaded an infected app onto their device, Check Point recommends that they uninstall it; review their bank statements to see if any payments for unfamiliar subscriptions have come out of their account; and use one of the best Android antivirus apps.

A full list of the Android package names is below. These package names don't always correspond to what the app is called in Google Play or app stores, however. 

• com.imagecompress.android
• com.contact.withme.texts
• com.hmvoice.friendsms
• com.relax.relaxation.androidsms
• com.cheery.message.sendsms
• com.cheery.message.sendsms
• com.peason.lovinglovemessage
• com.file.recovefiles
• com.LPlocker.lockapps
• com.remindme.alram
• com.training.memorygame

It’s been a long time coming, but, at last, Dark Theme is available on the Google Play Store for every Android phone out there. 

Google is now pushing this Dark Theme version of Google Play Store after its official announcement. This update comes on the heels of popular chat app WhatsApp finally getting a dark mode.

• Whatsapp Dark Mode is here for everyone
• Plus: Huawei P40 may be cheaper than Galaxy S20 -- but there's a big catch

I had sideloaded a beta version package of the Google Play Store with Dark Theme, so I’ve been using the new look for a while. However, last night I noticed how the entire interface turned back to the light theme after an automated update of the Play Store app. Now it seems that everyone should be getting this version. 

If you haven’t yet, go to the Play Store, click on the hamburger button on the top left corner and check for updates in order to get the new mode.

How to activate Dark Theme in the Google Play Store

1. Click on the hamburger menu on the top left corner of Google Play Store. Then select “Settings.”

2. Click on “Theme.”

3. Finally, select “Dark” if you want the app to be permanently in dark mode or “System default” if you want it to follow your phone’s general dark theme setting (which may or may no be there depending on your version of Android).

You are done.

Please Google, give us an AMOLED Black option

The only bad thing about this dark mode is that, like with WhatsApp, it doesn’t use 100% black. The best Dark Mode apps use what is called AMOLED black which, in OLED panels, means that every black pixel will be totally turned off, saving you precious battery life.

Many apps offer AMOLED black by default. Some give it as an option (like Reddit). The Google Play Store uses a dark gray instead, like Google Photos. And that — although it saves some energy — is very annoying. Never mind the energy savings, though: AMOLED black just looks cooler to me. I wish all apps allowed this, perhaps with a system-wide setting. It doesn’t change things for the companies and from a UX point of view, it doesn’t really make a big difference. Right now it looks like I’m wasting my AMOLED-based phone, which looks like a washed-out LCD black.

Google has disabled all Play Store searches related to the Covid-19 coronavirus now spreading through the world.

First reported by the blog 9to5Google, if you enter either ”coronavirus” or “covid-19” in the Google Play Store, nothing will appear on the results. This is a new situation that has apparently developed in recent days.

• The best Android apps right now
• Google Assistant just gained a feature Alexa can't match
• ALERT: Hand sanitizer selling out: Where you can still buy it

Google hasn’t made any announcements but it’s logical to think that the company wants to limit user access to apps that may wreak further havoc in the population, either spreading misinformation or milking people’s fear: it will be very easy to make an app about Covid-19 that uses ads or offers paid features.

There have not been any reports of such apps yet, though. We only know of malicious online documents that pretend to offer information about the epidemic but actually deliver malware.

It is possible that Google has decided to avoid any potential public health problems by taking this measure against all apps, without individually evaluating them. It’s not crazy to think that some of these apps may actually be useful for users. All the information is online and available on the web, but I can imagine people wanting a virus dashboard app that shows you real-time information about the virus collected from different sources.

A misguided approach?

But if Google has indeed blocked all searches out of fear of spreading misinformation or is afraid that some crooked developers can milk gullible scared users, why ban any coronavirus-related app from the store?

Perhaps a better path of action would have been to establish an in-depth, high priority approval process that could have given people apps useful to fight the spread of the infection.

Furthermore, Google hasn‘t curbed coronavirus searches on its web search service. A search just offers unfiltered information as far as I can see.

Facebook changes misinformation anti-censorship policy... just for the coronavirus

While Facebook hasn't backed down from allowing lies in political ads, Zuckerberg is following a different approach to fight coronavirus on his social network.

As Tech Radar reports, the company is actively hunting and shooting down false claims, conspiracy theories, and anyone peddling miracle cures. If they only could the same with everything else, including paid political advertising.

On the positive side, Facebook is also redirecting any search for coronavirus to the World’s Health Organization and local health authorities. The company is also giving the WHO free advertising space.

Twitter is not blocking content — yet. But it’s reportedly preceding any coronavirus related tweets with a “Know the facts” box that links to information from a verified local health source.