When popular apps Power Shade and Material Notification Shade were flagged as malicious and taken down from the Play Store last month, our main takeaway was to be cautious of the apps and the developer, Treydev Inc., going forward. Now both apps have returned to the Play Store, but with a less-than-satisfying explanation from the developer, there's little reason to lift that warning.
Power Shade, which has over 500,000 installs, and Material Notification Shade, which has over 1 million, both allow users to customize their phone's notification shade without root. The two apps were flagged as harmful and unpublished from the Play Store on December 29. While many suspected the removal was the fault of overzealous Google bots or the Play Store's policy on Accessibility services, the answer we got from the developer shed a different light on the situation.
The developer told our own Rita El Khoury that the issue was due to the use of a library that wasn't his own. According to Google, the library was "leveraged to proxy requests to visit and retrieve content from specific websites." The developer's plan was to republish the apps under a different package name and without that library, which he has now done. The two apps returned on January 14, along with a Google Plus post.
Treydev's recent Google Plus post.
The developer wrote in the comments on that post that he received the library through popular proxy service OxyLabs, and promised that he was not making money collecting or selling user data. However, as Appuals points out, there may be more to this than meets the eye. The infamously shady company formerly known as HolaVPN is suing OxyLab's parent company Tesonet for using its patented scheme - namely, making each user's device into part of a proxy network (some might say botnet) when the device is idle. You may remember this case because NordVPN, a partner of Tesonet, was dragged into it as well.
This is just an allegation, but taken alongside the fact that Google Play went so far as to remove these apps, both of which used an OxyLabs library, things don't look great. Even if the developer wasn't aware of the issues at hand, he really should have been. I'd give these apps a miss for now - they may no longer be harmful, but it's difficult to trust an app or its developer if they refuse to take responsibility for a major flaw in their product.