Source: Eric White/Crast.net
On Monday, Google announced that it had flagged as malware several apps created by a Chinese e-commerce giant that installed them, and suspended the company’s official apps.
Over the past few weeks, several Chinese security researchers accused Pinduoduo, a booming e-commerce giant that boasts nearly 800 million active users, of making apps for Android that contain malware designed to monitor users. .
Ed Fernandez, a Google spokesman, said that “off-Play versions of this app that have been found to contain malware are enforced through Google Play Protect,” referring to apps that are not on Google Play.
Effectively, Google has set Google Play Protect, its Android security mechanism, to prevent users from installing these malicious apps, and warns people who may have already installed them, prompting them to download the apps. be prompted to uninstall.
Fernandez said Google has suspended Pinduoduo’s official app on the Play Store “for security concerns while we continue our investigation.”
A security researcher, who asked to remain anonymous, alerted TechCrunch to the claims against the apps, and said they also analyzed the apps, which found the apps used multiple zero-days to hack the users they were exploiting.
Pinduoduo did not respond to a request for comment.
In a test, TechCrunch installed one of the suspected malicious apps, which popped up a message by Google that the app was malicious.
It is important to note that Google Play is not available in China, and according to unnamed security researchers, malicious apps were present on custom app stores from phone makers Samsung, Huawei, Oppo and Xiaomi.
None of these companies responded to a request for comment.
Source: Eric White/Crast.net
