These Are the Infected Google Play Store Apps That Could Ruin Your Phone

Hundreds of apps on the official Google Play Store were recently found to contain a form of adware that rendered devices "nearly unusable," experts say.

Cybersecurity researchers at Lookout, a San Francisco-based technology company, said in a blog post this week that intrusive ad software—known as BeiTaAd—had been traced to Chinese firm CooTek. CooTek is best known for an app called TouchPal, which has more than 100,000,000 installs.

BeiTaAd is a covert plugin that "forcibly displays ads on the user's lock screen [and] triggers video and audio advertisements even while the phone is asleep," wrote security intelligence engineer Kristina Balaam. It was discovered to be lurking inside 238 separate mobile applications.

In total, Lookout said the applications had been installed more than 440 million times and had been the subject of debate on Android forums for months as users investigated strange ads.

"While the vast majority of free mobile apps monetize their apps through ad [software kits] or plugins, the persistence of the advertisements in this particular family and the lengths to which the developer went to hide its existence make the BeiTaPlugin concerning," Balaam wrote.

According to its website, CooTek was founded in 2008 and listed on the New York Stock Exchange (NYSE) on September 28 last year. It describes itself as a "fast-growing mobile internet company that develops innovative mobile apps and artificial intelligence technology."

The apps described on its website align with those identified by Lookout as allegedly containing the adware, spanning topics including fitness, lifestyle, healthcare, news and entertainment. The full list of allegedly adware-ridden applications can be viewed in the Lookout report.

App names included TouchPal Keyboard Pro (5,000,000+ installs), Abs Workout (10,000,000+ installs), Color Screen (50,000,000+ installs), Drink Water Reminder (10,000,000+ installs), Horoscope Prediction (5,000,000+ installs) and Smart Radio FM (1,000,000+ installs).

In some cases, masses of unwanted advertising only became visible at least 24 hours after the app was opened. In others, such as an app called SmartScan, the ads did not appear for two weeks. Users said ads appeared even when the app was not opened, and some even appeared during phone calls.

"While out-of-app ads are not particularly novel, those served by [BeiTaAd] render the phones nearly unusable. Users have reported being unable to answer calls or interact with other apps, due to the persistent and pervasive nature of the ads displayed," Balaam said in the report.

One user on the Android forums complained about the issue back in November last year amid wider concerns that a form of malicious software was infecting smartphones.

"This will bring up random ads in the middle of phone calls, when her alarm clock goes off or anytime she uses any other function of her phone," wrote DazDilinger45, describing a problem with his wife's device. "It is extremely annoying and almost making her phone unusable."

A second user, Wilbr101, added: "I was having the same problem with this plugin. Ads would always pop up when I used most apps including Google Maps even whilst I was driving." Lookout said all of the apps have now either been removed from the Play store or updated to remove the plugin.

In a statement sent today via email, a CooTek spokesperson told Newsweek: "The module mentioned in the report was one of the monetization SDK [software development kit] in our previous versions, and it was not intended for adware purposes.

"Several months ago, we already noticed the issue and disabled the advertising functions in the SDK in question because it was against our company policies.

"Last month, we further removed the entire module in question. We are just aware of the Lookout report today, and have double checked all of our apps to make sure the issue doesn't exist. The user experience is our first priority and we will do our utmost to improve it."

Google's media team did not immediately respond to a request for comment. It was not immediately clear if the Chinese devs would face consequences for the alleged software bundling.

"Threats like BeiTaAd are problematic when they're already inside the gates of the Play store," Chris Boyd, lead intelligence analyst at cybersecurity firm Malwarebytes, told Newsweek.

"Many applications come with ads pre-loaded, as opposed to fetched from the internet, which helps evade [advertising] blockers, and if the app can't grab an internet-served ad, they get stuck and the phone is rendered useless until a reboot," Boyd continued, describing the adware.

"Google has a responsibility to show the app maker they can't place content like this on the store. If they're allowed to carry on with a slap on the wrist, it raises questions about what exactly is deemed a bannable offense. It doesn't make Play feel safer for consumers."

Android users with any of the software listed in the full Lookout report are advised to update their applications to their most recent versions to help remove potential adware from their devices.
