Google Play Protect was launched recently – a new program that is there to perform periodic checks of the software that’s on your phone and the apps that are in the Play Store, looking for malwares. Recently Google found number of spyware apps in the playstore across the globe. The Google Play Protect security team discovered this family in September 2017 when device scans found an app with rooting capabilities that exploited old vulnerabilities.
The apps were all carriers of the Tizi backdoor — a piece of malware (Tizi is a fully featured backdoor that installs spyware to steal sensitive data from popular social media applications), which has been around since 2015. Tizi could gain root access to the device and snoop about the user’s pictures, phone log, and chat logs for popular apps, such as Facebook, WhatsApp, Viber, and the encrypted messaging service Telegram also. Additionally, it could send out an SMS message with the device’s GPS coordinates, take photos with the phone’s camera and even record audio with its microphones.
The good news is that the exploits that Tizi was using have been patched long ago, with the April 2016 Android security patch. But still millions of the smartphones are running older Android versions and they don’t get updates.
Per Google’s data, Tizi apps were mostly downloaded by users in Kenya. A very small percentage of US users also got them. After discovering the exploit, Google deleted the apps, suspended the developers’ accounts, and sent a warning message to all devices that were presumed infected. Google Play Protect has also been updated to more effectively detect Tizi-based malware.