How are malicious apps getting past Google Play Store’s review process and its rigorous PHA (Potentially Harmful Application) screening? Well, they’re using a technique called versioning, which is sneaky and hard to detect. The attackers first release an initial version of an app on the Google Play Store that appears legitimate and passes all of Google’s checks. Once the app is installed, however, it later receives an update from a third-party server that changes the code on the end user’s device to enable malicious activity. This method of pushing updates is called Dynamic Code Loading (DCL), and it effectively turns the app into a backdoor. Some apps have been found to remain innocuous for a long time, even up to a year, before the malicious changes are introduced. To mitigate this risk, it is recommended to download apps only from trusted sources. Google Play Protect should also be enabled so that a notification is sent when a potentially harmful app is discovered on the device.
https://www.bleepingcomputer.com/news/security/google-explains-how-android-malware-slips-onto-google-play-store/
https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html
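One defender-side triage check suggested by the segment, added here as an example and not taken from the articles or from Google: an app that ships benign code but later loads code fetched at runtime must reference Android's dynamic code loading classes somewhere in its DEX files, and those class descriptors appear verbatim in the DEX string table. The script below scans the `classes*.dex` entries of an APK (a zip) for those descriptors; the two APKs it scans are constructed in memory with fake, non-parseable DEX payloads just to exercise the check.

```python
import io
import re
import zipfile

# DEX type descriptors for Android's dynamic code loading APIs. These strings
# appear literally in a DEX string table when app code references the class.
DCL_INDICATORS = {
    b"Ldalvik/system/DexClassLoader;": "DexClassLoader (loads .dex/.jar from a file path)",
    b"Ldalvik/system/InMemoryDexClassLoader;": "InMemoryDexClassLoader (loads dex from a buffer)",
    b"Ldalvik/system/PathClassLoader;": "PathClassLoader (explicitly referenced by app code)",
}


def scan_apk(apk_bytes: bytes) -> dict:
    """Return {dex entry name: [indicator descriptions]} for each DEX that references a DCL API."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # Multidex apps carry classes.dex, classes2.dex, classes3.dex, ...
            if not re.fullmatch(r"classes\d*\.dex", name):
                continue
            data = apk.read(name)
            hits = [desc for marker, desc in DCL_INDICATORS.items() if marker in data]
            if hits:
                findings[name] = hits
    return findings


def build_sample_apk(dex_payloads: dict) -> bytes:
    """Constructed stand-in APK: a zip whose classes*.dex entries are fake bytes, not valid DEX."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("AndroidManifest.xml", b"<constructed manifest placeholder>")
        for name, payload in dex_payloads.items():
            apk.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: the "benign" build only references framework UI classes; the
# "suspect" build hides a DexClassLoader reference in a secondary dex, as a later
# update in a versioning attack might.
BENIGN_APK = build_sample_apk({"classes.dex": b"dex\n035\0" + b"Landroid/app/Activity;"})
SUSPECT_APK = build_sample_apk({
    "classes.dex": b"dex\n035\0" + b"Landroid/app/Activity;",
    "classes2.dex": b"dex\n035\0" + b"Ldalvik/system/DexClassLoader;Ljava/net/URL;",
})

if __name__ == "__main__":
    for label, apk in (("benign", BENIGN_APK), ("suspect", SUSPECT_APK)):
        print(label, scan_apk(apk) or "no DCL indicators")
```

A hit is a triage signal, not proof of malice: plugin and hot-patch frameworks use these loaders legitimately, so the useful comparison is between an app's Play-reviewed build and the build it later updates itself to.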
This segment was created for the It’s 5:05 podcast