Android VPN apps found serving disruptive ads
Security researcher discovers four popular adware apps with 500m+ installs
A security researcher has discovered four VPN apps that serve ads while running in the background and also on the home screen of Android smartphones in the latest case of adware found on the Google Play Store.
While researching suspicious Android VPN apps, Andy Michael found that Hotspot VPN, Free VPN Master, Secure VPN and Security Master by Cheetah Mobile were all showing full screen pop-up ads on his smartphone even though none of these apps were currently open.
It is also worth noting that all of these apps originate from either Hong Kong or China where VPN usage tends to be higher than in other countries due to China's Great Firewall and the ongoing protests in Hong Kong. While three of the four apps provide VPN services to users, Security Master is an antivirus app.
- Fake VPN website delivers malware
- Anything to hide? Why your VPN provider should be audited
- China VPN use may finally be getting easier
All of the apps found to be showing disruptive ads by Andy Michael are still available on the Play Store at the time of writing.
Adware apps
In addition to APIs from Google and Facebook used to show ads, Michael's investigation also found that Hotspot VPN also contained obfuscated code which is used to show full-screen ads regardless of whether or not the app is currently open which results in significant battery and CPU usage. This app's name also resembles the legitimate VPN, Hotspot Shield and its developer likely chose this name as a way to trick unsuspecting users into downloading their app instead.
Free VPN Master was found to share the same code for serving Google ads and its APK file has the same code structure and files as Hotspot VPN. According to Michael, both apps are identical apart from slight modifications in their code.
Secure VPN though was the worst offender as it served ads when users had other apps open and even overlaid them on top of user's home screens. The app also contained references to code that recorded activities such as when an ad was displayed, clicked on or dismissed by the user. Security Master on the other hand, used more sophisticated behavior to show ads when users tried to go back to the home screen or when certain buttons were clicked.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Android users are constantly warned to avoid installing apps from unknown sources but when they can't even trust Google's own Play Store to find legitimate apps, there is a serious problem.
- Worried about downloading a fake VPN app? Check out our complete list of the best VPN services of 2019
Via TNW
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.