trend logo

Just like any open marketplace, there's a lot of crap in the Play Store. In a strange and roundabout way, I'm actually OK with that - separating the silver from the dross of Android apps is one of our core functions at Android Police. But a recent promotion from antivirus vendor Trend Micro painted an extremely dim picture of the Play Store. The company claimed, among other things, that the Play Store was full of "potentially evil doppelgangers... with many carrying malware."

Trend's report of the situation (PDF link) was chilling, reporting that 100% of the Top 10 apps in the Finance, Media & Video, and Widgets categories had fake apps associated with them, along with 90% in the Business, Music, and Weather categories. The report claimed that more than three-quarters of the Top 50 apps overall had fake versions.


Furthermore, it claimed that fully half of the apps categorized as "fake" were malicious, i.e., containing adware, malware, or other nasty stuff.

fake 2

The rest of the report contains various horror stories, including fake Flappy Bird apps that used chargeback SMS messages, fake BlackBerry Messenger apps with aggressive advertising, and oh yeah, a section on a certain "Virus Shield" app that you might be familiar with. Improperly cited, I can't help but notice.

fake 3

Here's where things get ugly. A press release issued to various tech publications to promote Trend's blog post and the report itself used language that might make P.T. Barnum blush.

Google Play populated with fake apps, with more than half carrying malware

Potentially evil doppelgangers for the most popular apps are inundating the Google Play store, with many carrying malware, according to a new blog post and report by Trend Micro, a global developer of cyber security solutions.

Jack Wallen, a writer for Tech Republic, read through the report and blog post and thought things seemed a little fishy. After searching for fake versions of the top finance, media, and widgets in their categories, Wallen came up with zero results on the Play Store. That's a far cry from Trend's claim that essentially all of the top apps in these categories had doppelgangers running around, half of which were "potentially evil."

It turns out that Trend Micro is guilty of a little over-eager language that obfuscated the nature of some of these threats. While there are indeed fake versions of many popular Android apps available for download, Trend failed to mention in their initial promotion for the report that the apps in question were posted outside the Play Store, and had to be installed manually in what's commonly known as a side-load. This requires users to download the app in a browser, ignore a standard security warning about APK files, and disable a security option in Android's main settings menu. Trend's reply to Wallen highlighted this [emphasis ours]:

Our research isn't saying that this problem exists exclusively on Google Play because the majority of these problem apps are available in places other than Google Play. We are now aware that this point wasn't presented in a clear enough manner, and based on that feedback we have updated our blog with the following:

Update as of July 17, 2014, 9:08 A.M. PDT:

Note that the fake apps samples we gathered are from third party sources and none was found in Google Play

The point of our research, in fact, is to highlight the risks around apps found in apps from sources other than Google Play.

To my mind, Trend's biggest mistake was including descriptions of legitimate malware threats found outside the Play Store alongside those of merely fake (and basically benign) apps inside the Play Store. The only example of a truly harmful app found inside the Play Store was "Virus Shield," a useless paid antivirus pretender that Android Police exposed earlier this year. The app was subsequently removed from the Play Store, and Google issued refunds to customers who purchased it. Antivirus vendors like Trend Micro and security research companies have an interest in demonstrating the dangers of computer security... and a history of sometimes overstating that danger.

Make no mistake, there are real security threats to Android users from fake apps. But the Play Store remains surprisingly safe, Even outside of the Store, Google's internal metrics estimate that about 1 out of every 100,000 malicious apps identified by the Verify Apps feature built into Google's non-AOSP software suite actually gets through various defenses and harms users. As has always been the case with computers of any kind, the danger ramps up when you disable built-in security measures, ignore warnings, and download programs from untrusted sources.

Source: Tech Republic

Michael Crider
Michael is a native Texan and a former graphic designer. He's been covering technology in general and Android in particular since 2011. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

  • z0phi3l

    This is what happens when you let Apple fans write "reports"

    • SuperMario7

      Trend sell security software and like a lot of other security companies they produce reports which are basically just scaremongering people into buying their security software which funnily enough happens to be on sale on the Play Store... But hey Apple blah blah blah

      • David

        I came here to say exactly the same thing. I was even going to use the same word: "scaremongering" to make people want to buy their stuff.

    • J. Martin

      Trend Micro is not an Apple fan. At all.

      The built their business around PC and Android software.

    • MindFever

      Oh come on,Apple,really? ...that's a pile of demagogue crap right there.
      Regarding TM's report, I think it's misleading and ridiculous. I hope they get screwed.

  • evolutionx1

    Android Police, literally.

    • http://thegumshoe.com/ Michael Crider

      We can't claim this one, Mr. Wallen did all the legwork.

      • Jason B

        At the end of the day, we're responsible for what we install on our phones. If you accept an app install that has excessive permissions not related to the functioning of the app, and are surprised by receiving push adverts or other various annoyances, then it's your fault for not reading and understanding properly.

        Sadly though, many people like to shift the blame onto others. Google probably could clean up the Play Store a bit, but I remember a time with my OG Droid when there wasn't much in the Android Market.

        • MindFever

          What IF... What if Google completely disabled sideloading or installing apps from unknown sources UNLESS you unlocked your bootloader ? It would protect average users from this ...okay it would also be interpreted by Amazon to fuck off :D Amazon could still sell apps but it would have to be tied with play store or something...

          • Sashank Narayan

            That would suck. There are many occasions where you'll need to sideload an app without all the hassle. One good example is installing the Google Keyboard on non-Nexus devices in India, where it doesn't show up in the Play Store (yet). I have installed it in on all my family's devices, all of which run stock with locked bootloader save for my own devices. Sideloading is one of the many advantages of Android, and Google shouldn't disable it to counter user-stupidity.

          • Nick

            Yeah I mean how else are you supposed to install pirated apps without being able to side load them?

          • Sashank Narayan

            Don't troll, I gave a very specific example to validate my point.

          • Daniel Collins

            That would suck horribly.

          • Kevin

            To be fair, it is disabled by default, you actually have to go in to the settings to take enable it and it does warn you there, so the majority of 'average' users wouldn't have this problem.

            I was in the samsung shop the other day where the staff were advising users to install a virus solution on the phone - these people with average joe's and would not install from anywhere but google play... they do not need an anti virus software.

  • Fabian Pineda

    Go home, Trend Micro, you're drunk

  • nawa

    That's nice. Another bullshit argument about the unsafety of Android. It annoys me than it should.

    Shouldn't Trend Micro update their release with clarification?

  • https://play.google.com/store/apps/developer?id=iWizard Bikram Agarwal

    Rule of thumb - don't believe any "security" related news any anti-virus company is peddling.

    • Thomas

      This, tons of the applications they report are even just "PUP", i.e. "Potentially unwanted Programs" a category that can include a bit more aggressive ad networks, actual root utilities, and what not, all so they can promote their product on the only marketplace and paltform it's allowed on, while being able to do almost other than list potentially unsafe programs..

    • thelionk

      I was at a computer science security related conference once, and one of the speakers was talking about how his job working for an antivirus company was to make viruses that other antivirus wouldn't detect, but theirs would, just to showcase how theirs was better. He worked during the 90s.

      • TDN

        This is still going on today, it is the main reason that antivirus software is as prevalent as it is.

        Most updating comes from contracted "white hat" hackers writing code and them making it so their software can detect it.

      • New_Guy

        It's called scareware and it is one of the most pure forms of evil known in tech.

  • Mazio

    The sky is falling! The sky is falling!

  • obarthelemy

    That kind of FUD is scandalous. Trend sees opportunity to sell AV licenses, go whole hog on making stuff up. No possibility of AV software on iOS -> no such reverse hype, and people conclude "Android is so much more unsafe !".

  • jcopernicus

    Shame that you guys want to sensationalize an other wise thorough report on app duping.

    It is the weekend though, so I'm not surprised.

    • Austin Spangrud

      Well this is android news. And pretty important news. May not be a new gadget or a new app but... This is about android. So... Yeah.

      Otherwise this is also a good way to get news out. Reporting on it. The more you talk about how wrong this article is, hopefully the more people will stop saying that its true. Most regular people only have the play store or the amazon store...

      So this doesn't effect those people. Yet they're trying to tell you it will and you should download this software to save your phone. They should not be omitting information to make their claims. That's not good reporting.

    • thelionk

      I don't know, saying that the play store has zero fake apps: "none was found in Google Play" should have been pretty important. They obviously leave out the metric of: how many android user install app not from the play store.

      Leaving these out, it doesn't seem very thorough to me.

      • Wesley Modderkolk

        "I don't know, saying that the play store has zero fake apps: "none was found in Google Play" should have been pretty important."

        You don't know how this was when the research was done. It could very well be that there were a few on there, but were deleted by Google after it was found.

        • Joris Griffioen

          A few =/= half ...

          The complaint that this article is sensationalised is ridiculous, the whole point of the article is to call out the sensationalising that Trend Micro is doing.

          • Wesley Modderkolk

            Where did they claim half of them were found on the Play Store? Nowhere.

            Trend micro's research did not say, nor discriminate, where the fake apps/malware was found, only that they were fake versions from apps found on the app store. And frankly enough, knowing the internet that 77% doesn't seem to unreasonable.

          • Joris Griffioen

            "only that they were fake versions from apps found on the app store"

            Don't you think this is already ambiguous about where those apps reside?
            The problem is with not formulating their press release properly, leaving that same ambiguity in. 95% of the people who will hear about this won't read the research.. they'll just see the headlines. "77% of android apps fake and malware"

          • Wesley Modderkolk

            And no that I do agree.

            However, could anything else be expected? I mean, their income is reliant on a lack of internet security.

            I wouldn't call Trend micro's research as "sensationalizing" but rather as a good use of statistics to benefit their market.

          • thelionk

            It sounds like sensationalizing to me:

            "present information about (something) in a way that provokes public interest and excitement, at the expense of accuracy"

            They left out important details, purposely making it less accurate for the reader. Once AP brings us back the accuracy, it's obvious there's no reasons to get excited about this. Just leave the setting to disallow side-load in your phone, and you've got 100% protection against fake apps and malwares.

        • thelionk

          If that is what happened, there follow up statement would have been: "There was at the time of our research, but more recent research has found none anymore." Except they said: "none was found in Google Play", talking about when they did the research, they found not a single fake app on Google Play, but did find a lot of them outside of it.

    • Anon

      Do you even know what "sensationalize" means?

    • MindFever

      Their stats were misleading. That's important. I didn't see any sensational claims by AP here,only that they (TM) were exploiting the fear factor of average users so they would immediately download their app...that's not very honest.

  • Josh Crumley

    "Note that the fake apps samples we gathered are from third party sources and none was found in Google Play"



    • PhilNelwyn

      «In a sentence like “None were missing,” there is an implicit noun that answers the question, “None of what?” If that noun is singular, none takes a singular verb. If that noun is plural, it is up to the writer and the sense of the sentence to determine whether none takes a singular or a plural verb.

      None was missing. (None of the pie was missing.)
      None were missing. (None of the cookies were missing. But there may be times when a writer prefers was, as in Not a single one of the cookies was missing.)»


  • Richard

    I think Google should step in and ban Trend Micro and other Antivirus firms from Google Play Store. These companies and their apps add nothing to the android ecosystem, they don't do much in the first place and then go on to damage public perception of Android by calling it Malware ridden.

  • dude

    TrendMicro detection performance doesn't seems to be the best: http://chart.av-comparatives.org/chart1.php

    • TDN

      Their detection is decent, at least it is above the mean, but their false positives are very disturbing. Seems like TM and McAfee are a bit over sensitive in detection.

      • MindFever

        That's on purpose so people "feel safe" because the antivirus "works" since it found viruses in time...of course average users don't know what's a false positive so they move along.

  • Major_Pita

    Anyone notice the the red and black graphic looks either like A.) A zero - perhaps a foretelling of Trend Micros credibility... or B.) The business end of a plunger... in homage to Trend Micro's source...

  • Untrendy Micropenis

    Brb gonna rate all trend crapro apps 1 star and flag them as malware.

    • MindFever

      I will join you on this quest!

  • De5str0yer.

    “I do not think that more than 99% of users are even benefitted by anti-virus,”

    Android Security Chief
    -Adrian Ludwig 2014

  • Wesley Modderkolk

    Great use on where you draw the line on where you call something malware. Seeing the recent privacy concerns, it could very well be that they badged apps that ask too many, or unrelated permissions(or even think root, if you want to really be picky) were defined as malware. In which, their numbers could be very correct. Many apps use way too many permissions than what they really need, and this indeed is a privacy concern.

    Also, it doesn't really say that those fake were found on Google Play, it only says that those were fake versions for apps that were available in the Play Store. It does not discriminate on where these apps were from.

  • flosserelli

    Anti-malware apps are unnecessary when you use common sense:
    1. Don't sideload apks obtained from random filehosting sites.
    2. If the web browser prompts you to download something you didn't ask for, then don't download it.

    Pretty simple.

    • MindFever

      Even if it downloads you still have to manually install it...just,don't install. Google should enable extensions for Chrome on Android...for stuff like this .

  • Reg Joo

    ya know cnetpple, will be all over this, without actually looking into the facts.

    • paxmos

      Who cares.

      • MindFever

        Somebody woke on the wrong side of the bed

        • paxmos

          They dont need an excuse to bash Android, they do it anyway.

    • MindFever

      Lol that's very true...

  • Big Tony

    Have some crow Trend Micro.

  • TDN

    This is one of several reasons I uninstalled TM software from my PC (never had it on my phone). They are deliberately, and irresponsibly, reporting inaccurate "facts", the whole time cashing in on people's fear.

    Malware on Android is real, just look at "Yo", "Virus Shield", and some of the BBM apps that popped up before the official one was released, however, outside of those outliers, the only way you are going to get malware on your device, is by putting it there yourself.

  • jurrabi

    The Trend intentions are very clear, there is no misunderstanding there: "Play Store was full of "potentially evil doppelgangers... with many carrying malware." There's no other way to interpret this.
    So, anyone in line to buy Trend products?

  • Struds

    77% of 50 is 38.5.
    So there must be an app that has half a fake version of itself!

    • MindFever

      You misunderstand how statistics work :)

      • Struds

        I think trend Micro misunderstandings how English works. The article says that a survey of the top 50 apps found that 77% had fake versions. That just means that looked at these 50 apps and went to see if there was a fake version of it. They were clearly trying to say something else, but that's how it reads.

  • johnediii

    I don't want to defend this ludicrous report from Trend, but the real threat out there is to businesses. Not directly from malware, but from customers. I contract with a security software company, although for a different division, not security. Every security customer we have basically is using it to Cover their own asses in case there is one tiny breach somewhere. If you compromise a piece of data because it was in an email on the phone of one jackass employee who side loaded an app, you're in serious danger of getting sued. This is the reason that companies use disk encryption, anti-virus/anti-malware, and data loss prevention tools. Not because of real direct software threats but because every customer is a potential plaintiff.

  • paxmos

    I am not surprised with Trend Micro. Not all of their own product do or behave as promoted/advertised.

  • Awais Ullah
  • Jack Jennings

    This is the exact kind of bullshit publicity that Android does NOT need!

  • dxppxd

    I bet there are more antivirus apps than actual malware on the playstore.

    Here's how TM argument works: let's all purchase shark attack insurance, because there are a lot of sharks in the ocean, and the ocean is 75% of the planet.

    • GraveUypo

      one of the best analogies i've ever seen.

  • Daniel Collins

    I love Trend Micro, but they say stupid stuff sometimes...

  • Robert_Au

    Look again. Adware and Spyware are Malware so a lot of the apps could be classed as Malware... These terms are less popular with the shift from PC to mobile devices but it doesn't just the fact that the behaviour is the same. Apps leaking private data to advertising companies, or nastier creatures, are common. Apps displaying ads when not running in the notifications area are common.

  • paku

    Why not Google including a advance security system in the OS, which not only works in playstore but in every devices on android, which will scan when installing an app and also verify apps permission list, then it will be easier for us to install apps from any where and keep device clean.

  • http://mekakiwi.blogspot.com.br/ ED-Z が あらわれた!

    So, an "Internet Security" company using scareware tactics to sell their products?
    Somehow... I'm not surprised...