By Tom Jowitt
Security experts are warning football fans to be cautious after uncovering four fake FIFA apps on the Google Play Store that are nothing more than adware—highlighting ongoing security concerns about Android and its marketplace.
It also raises concerns that scammers will look to exploit the Euro 2016 football tournament to try and trick more people into downloading malware and other malicious items.
The discovery was made by Jan Piskacek of Avast Software, who said that there are “at least four soccer/football apps on the Google Play Store, all with the same or similar names, that are pretty bad knock-offs of the popular FIFA app.
“All four apps have negative reviews claiming the apps do practically nothing but display ads.”
Rogue Football Apps
When Piskacek dug a little deeper, he discovered that while these four apps were uploaded under different developer names, they seem to be developed by a single developer, and there were no links to any developer homepage.
The apps concerned are called ‘Football 2015’, ‘Soccer 2016’, another app also called ‘Soccer 2016’, and finally ‘Football 2016—2025’.
Piskacek decided to test the four apps and discovered that their negative reviews were unfortunately well warranted and were full of adverts. All of these rogue apps request agreement to Airpush’s (advertising network) privacy policy & advertising terms when opening the apps for the first time.
When a user accepts those terms, it means that Airpush can automatically collect certain data from their device, including device ID, IP address and a list of apps installed on the handset. Even worse, Airpush can receive information from the user including their precise geolocation, browser history and email address.
Additionally, when the user clicks “Ok” to these terms, they give their consent for Airpush to associate the Google advertiser ID from their device with other information it collects about their device, including persistent device identifiers and/or personally identifiable information.
One of the apps claimed to have detected 13 viruses on the researchers phone, and if this was not resolved in the next few minutes, it would damage his SIM card..
“Someone is clearly trying to make money by showing soccer/football enthusiasts a nearly uncomfortable number of ads,” added Piskacek. “These apps may be smaller in size than the FIFA app, but I can definitely recommend downloading the FIFA app over these apps if you want to enjoy playing a nice game of soccer/football.”
Android Security
The Android operating system unfortunately has a poor reputation when it comes to mobile security. Matters are not helped by the fact that numerous bogus apps have been detected on the Google Play Store.
Last month, Google apologized after a mobile app that spread news and propaganda supporting the Taliban was allowed onto the Google Play marketplace.
In January this year Google was forced to remove 13 malicious Android apps masquerading as games, after it emerged they were capable of executing unauthorized commands and code difficult to remove.
Last November, security researchers said they had found more than 20,000 popular Android applications on third-party app stores that were repackaged with malware that installs non-removable advertising tools. The ad tools were installed in such a way that affected users could be obliged to replace their device.
And last July, Google removed a malicious application posing as a popular batter monitoring app from Google Play, following revelations from security firm Zscaler.
To be fair though, Google Play currently has around two million apps available to download, with the company having to review thousands more each week.