Android VPN apps found serving disruptive ads

A security researcher has discovered in the latest case of adware in the Google Play Store four VPN apps that serve ads while running in the background and on the home screen of Android smartphones.

While investigating suspicious Android VPN apps, Andy Michael found that Cheetah Mobile's Hotspot VPN, Free VPN Master, Secure VPN, and Security Master showed pop-up full-screen ads on their smartphone, although none of them was currently open.

It's also worth noting that all of these apps come from Hong Kong or China, where VPN usage tends to be higher than in other countries due to the huge Chinese firewall and ongoing protests in Hong Kong. While three of the four apps provide VPN services to users, Security Master is an antivirus app.

All apps showing Andy Michael's annoying ads are still available in the Play Store at the time of writing.

Adware apps

In addition to the Google and Facebook APIs used to serve ads, Michael's investigation revealed that Hotspot VPN also contained obfuscated code for showing full-screen ads, whether the app is currently open or not. This leads to considerable battery and CPU usage. The name of this app is similar to the legitimate VPN. Hotspot Shield and his developer have probably chosen this name to trick unsuspecting users into downloading their app.

It was discovered that Free VPN Master uses the same code to serve Google ads, and that its APK file has the same code structure and files as Hotspot VPN. According to Michael, both apps are the same, except for minor changes in the code.

READ  Samsung Galaxy S10 has a major security flaw – but it’s going to be fixed

Secure VPN, however, was the worst offense since ads were shown when other apps were open and even appeared on the user's startup screens. The app also contained references to code that recorded activities, such as For example, when an ad was displayed, clicked or discarded by the user. Security Master, on the other hand, used a more sophisticated behavior to show ads when users tried to return to the Home screen or when certain buttons were clicked.

Android users are constantly warned not to install apps from unknown sources. However, if they can not even trust the Google Play Store to find legitimate apps, there is a serious problem.

  • Worried about downloading a fake VPN app? Check out our full list of the best VPN services from 2019

About TNW

Spread the good stuff:
This post contains affiliate links, to find out more information, please read our disclaimer.
The price written on this page is true as the time it is written. It may change at any moment.

Related Posts