Many of you are visiting family for the holidays, which means you’re sharing meals, telling stories, and exchanging gifts. In fact, quite a few of you may be giving phones or tablets to family members this year. If you’re a regular around here, you’re probably also known as the resident gadget expert, an honor that is both a compliment and a curse — you know what I’m talking about. While you might be trying to avoid impromptu tech support work, we would like to encourage taking a few minutes to do something for the greater good: Clean the trash apps from your family members’ devices.
You know which apps I’m talking about. They’re games that inexplicably need every permission, memory managers that promise to clean up RAM, and apps that promise free stuff. A lot of people don’t know what’s up with this stuff, but you do, and you can help them. It won’t be easy, just like convincing your parents that their dubious political views aren’t healthy, but you’ll sleep a little better knowing that you took money away from a few lying jerks.
Note: I’ve written this post with occasional tongue-in-cheek comments that are meant to be read in a somewhat sardonic tone. The goal is to impart a little humor, not insult or mock family and friends. I just wanted that to be clear, especially in cases where certain idioms and sarcasm may not translate well.
(Short) story time
Three years ago, in August 2015, an app came across my desk that demonstrated how pitifully dishonest developers could be. It was named RAM Booster 2015, and we pondered how something like this could hit 100K downloads.
What made this app so interesting is that it did nothing. No, seriously, nothing.
I decompiled the app and picked through the code with a couple other people. We quickly found that the only code not belonging to ad networks was there to drive a button and progress bar. Tapping the button would begin filling the progress bar, and eventually reveal a message claiming “Your RAM memory is boosted” in a pop-up box.
This heap of steaming dung eventually hit 1 million downloads
Oh, there was one more thing in the code. RAM Booster 2015 attempted to call a private method named freeStorage from the Package Manager. The first problem with this is that freeStorage wasn’t intended to kill background apps, but instead triggers the OS to erase app caches. But it couldn’t actually do that either, because freeStorage requires a CLEAR_APP_CACHE permission with a protection level of systemOrSignature, meaning it can only be granted to system apps or those that were signed by Google, OEMs, or other trusted parties. That’s actually a good thing, because if freeStorage were to be called, it would actually slow down a device each time cache has to be rebuilt for your apps. #AccidentallyNotMalware?
The following year, this heap of steaming dung eventually hit 1 million downloads. It wasn’t until just a few months ago that Google finally removed it, along with many others that we had reported.
Appbrain history for RAM Booster 2015
Truth be told, I’ve been trying to write this post for 3 years, but I’ve always been too busy and the timing never really worked out. By some coincidence, Google happened to hit my growing list of these shady apps this year.
Current conditions
Google deserves a lot of credit for tightening the leash on bad practices. Some of the worst offenders were eliminated altogether, and many others had to change entire business models to avoid being banned. Malware and spyware have been slashed significantly thanks to scanners like Bouncer and what’s now called Play Protect.
Despite Google’s best efforts and tons of removed apps, there are still plenty of bad guys sneaking through the gates onto the Play Store where they’re able to take advantage of your clueless siblings. Since this summer, we’ve seen a shady battery saver, a massive ad fraud operation, and some (trending) apps installing outright viruses. And before anybody writes this off as just an Android thing, keep in mind that Apple hasn’t been able to keep iPhone users away from plenty of very serious scams and privacy violations, too.
There are also lots of shady and opportunistic apps that aren’t necessarily considered malware (yet)
There are even plenty of shady and opportunistic apps that aren’t necessarily considered malware (yet). Take RAM Master, an app that was first published early last year and has amassed well over 10 million downloads. It claims to cool your CPU by “freezing overheating apps.” Seriously, you can’t make this stuff up; but judging by that download number, your hapless neighbor totally believes it and has recommended the app to everybody else.
I went poking around in this one too. I don’t think you’ll find it surprising that this is just a crappy task killer, but at least you can argue this one does something, unlike our previous example. But…
There’s more to it than just a task killer. RAM Master also includes a crapload of code and resources for Simeji, a Japanese-oriented keyboard that was acquired by Baidu back in 2011. It’s also stuffed with images and code for a game called “Count Cash Till Hand Twitching.” Spoiler: that game hijacks your lockscreen.
You’re not going to find these things mentioned in the description or screenshots, and they belong in a memory manager about as much as Gilbert Gottfried should be singing Selena Gomez.
After testing RAM Master on four malware scanning services, I was surprised to see that only one flagged it while the others considered it safe (flagged, cleared: 1, 2, 3). Regardless, it still requires 51 permissions, and I think you can guess most of those have nothing to do with what the app claims to do in its description. There are even a couple permissions that can only be granted to system apps.
android.permission.BATTERY_STATS
android.permission.GET_PACKAGE_SIZE
android.permission.GET_TASKS
android.permission.RESTART_PACKAGES
android.permission.READ_PHONE_STATE
android.permission.INTERNET
android.permission.ACCESS_NETWORK_STATE
android.permission.CHANGE_NETWORK_STATE
android.permission.WRITE_EXTERNAL_STORAGE
android.permission.READ_EXTERNAL_STORAGE
android.permission.READ_LOGS
android.permission.CHANGE_WIFI_MULTICAST_STATE
android.permission.CHANGE_WIFI_STATE
android.permission.ACCESS_WIFI_STATE
android.permission.KILL_BACKGROUND_PROCESSES
android.permission.MODIFY_AUDIO_SETTINGS
android.permission.CHANGE_CONFIGURATION
android.permission.ACCESS_FINE_LOCATION
android.permission.WAKE_LOCK
android.permission.WRITE_SETTINGS
android.permission.BLUETOOTH
android.permission.BLUETOOTH_ADMIN
android.permission.READ_SYNC_STATS
android.permission.READ_SYNC_SETTINGS
android.permission.WRITE_SYNC_SETTINGS
android.permission.GET_ACCOUNTS
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.VIBRATE
android.permission.READ_SECURE_SETTINGS
android.permission.MOUNT_UNMOUNT_FILESYSTEMS
android.permission.CLEAR_APP_CACHE
android.permission.BROADCAST_STICKY
android.permission.SYSTEM_ALERT_WINDOW
android.permission.CAMERA
android.permission.RECORD_AUDIO
android.permission.ACCESS_COARSE_LOCATION
android.permission.DISABLE_KEYGUARD
android.permission.BIND_INPUT_METHOD
android.permission.READ_PROFILE
android.permission.READ_USER_DICTIONARY
android.permission.WRITE_USER_DICTIONARY
android.permission.REORDER_TASKS
android.permission.WRITE_APN_SETTINGS
android.permission.DELETE_CACHE_FILES
android.permission.MODIFY_PHONE_STATE
android.permission.PACKAGE_USAGE_STATS
com.android.launcher.permission.INSTALL_SHORTCUT
com.android.launcher.permission.UNINSTALL_SHORTCUT
android.permission.READ_CALENDAR
com.android.alarm.permission.SET_ALARM
com.google.android.finsky.permission.BIND_GET_INSTALL_REFERRER_SERVICE
RAM Master also incorporates several ad networks, including Google’s AdMob, Facebook, intowow, mopub, and Taboola. There are more, but you get the idea. You’re not surprised by this.
Remember, this thing has well over 10 million downloads, but it’s not a special outlier. There are pages of RAM manager apps, some with just as many or more downloads. This is also just one or many categories of obviously bad apps, it gets worse with casual games, gimmicky photo editors, and apps that offer free stuff (e.g. movies, data, money, prizes). Do you really think your kids don’t have a handful of those installed? Come on, you should have taught them better…
So. Many. Rockets!
Wrapping up
We recognize garbage apps automatically, right? It’s no different than banner ads, our instincts kick in as soon as we see a clue that tells us there’s danger. But most people aren’t as awesome as us…
At the end of the day, the only reason these apps exist is because they’re profitable. Much like scam calls, they wouldn’t exist if they weren’t working on somebody. It’s a numbers game, and the bad guys have the advantage.
If you like your family, or at least prefer them to the sleazy people that make these apps, a good way to show your affection is to make everybody uninstall the junk.
If you’re not sure where to begin, try looking for apps that exhibit odd behavior, like using too much data or waking up often. Look through the list of floating apps (permission to draw on top of other apps) and Device Administrators for some that definitely don’t need it. You could even try using some malware scanners, but keep in mind that many of those are just as bad (example).
Merry Christmas, Artem.
Be the first to comment