After CamScanner introduced intrusive, unskippable full-screen advertisements to its free PDF scanner back in April, it now finds itself in the middle of another controversy. This time, it might mean the end to its life on the Play Store altogether. Kaspersky security researchers found evidence of malware in multiple versions of the app, published between June and July this year. While our own tests conclude that the August versions are free of malware, Google still decided to pull the plug and banned the app that accumulated more than 100 million downloads from the Play Store altogether.
The security experts identified the malware in question as a Trojan Dropper, a software that's sometimes found pre-installed on Chinese phones. It executes files from an encrypted part of an app's APK, running malware that in turn downloads additional modules. In CamScanner's case, these could display intrusive ads all around the phone and sign up users for paid subscriptions without their knowledge. According to the researches, some reviewers on the Play Store reported strange behavior after using the app and urged others not to install it.
We've identified the unsafe versions of CamScanner and purged them from our own APK hosting platform, APK Mirror. It looks like an update on June 16 first introduced malware into the app, with four subsequent releases ranging from June 24 to July 25 retaining it. A new version published on July 30 finally got rid of the malware, and the four releases following it haven't introduced it again.
- May 23, 2019: 126.96.36.19990522 – safe
- June 12, 2019: 188.8.131.5290611 – safe
- June 15, 2019: 184.108.40.20690614 – safe
- June 17, 2019: 220.127.116.1190616 – unsafe
- June 25, 2019: 18.104.22.16890624 – unsafe
- July 10, 2019: 22.214.171.12490708 – unsafe
- July 10, 2019: 126.96.36.19990710 – unsafe
- July 23, 2019: 188.8.131.5290723 – unsafe
- July 25, 2019: 184.108.40.20690725 – unsafe
- August 1, 2019: 220.127.116.1190730 – safe
- August 13, 2019: 18.104.22.16890809 – safe
- August 17, 2019: 22.214.171.12490814 – safe
- August 19, 2019: 126.96.36.19990816 – safe
- August 24, 2019: 188.8.131.5290820 – safe
- August 25, 2019: 184.108.40.20690825 – safe
- August 30, 2019: 220.127.116.1190827 – safe
- August 30, 2019: 18.104.22.16890828 – safe
- August 30, 2019: 22.214.171.12490829 – safe
If you're still inclined to use the app despite everything, the APKs marked safe above are all available on APK Mirror, including the latest August 30 version. Google has yet to release a statement if it's allowing the app back into its distribution platform despite it violating Play Store policies.
We've checked additional versions and added them to the list above. It's safe to say that all APKs published between June 17 and the end of July are affected, while releases starting with 126.96.36.19990730 from August 1 should be clear.
CamScanner released a statement attributing the malware to its ad network AdHub. The developer uploaded a new version without AdHub to APK Mirror and hopes to bring the app back to the Play Store soon. Read more here.
- Shahul Hameed Akbar