NEW DELHI: Owners of Android smartphones in India should not download any unknown or suspect apps, even from Google Play India app store, and install anti-virus and anti-malware software to protect their phones from malware Judy, cybersecurity experts have said.
The warning came even as Google said it has dealt with the issue.
“We can confirm that we have taken action on the policy-violating apps,” a Google India spokesperson said Tuesday, indicating that the search giant has taken down most of the apps, which had the Judy malware bug.
The bug force-clicks ads on an infected phone, creating nuisance for users while generating gamed revenue for advertisers.
More than 90% of smartphones in India run on the open Android OS, leaving them vulnerable to the malware, which security firm Checkpoint said has already infected over 36 million smartphones across the world through 41 apps. The apps by Korean developer Enstudio had beaten Google’s own security feature called Bouncer.
No infections have been reported in India so far, though handset makers such as Xiaomi and Oppo, among top five smartphone players, said they are on their guard, given that the world is just emerging from the effects of ransomware Wannacry.
“Given the ability of the malware to surpass Google Play’s protection checks, it does pose a pretty significant threat to all devices, including the ones in India,” said Shree Parthasarathy, partner at Deloitte India.
India is the top country for Google in terms of downloads from Google Play, surpassing the US in 2016, with over 6 billion apps downloaded, up from 3.5 billion the year before, as per an App Annie report.
Amit Jaju, executive director for fraud investigation and dispute services at EY India, said while the onus falls on the user to protect themselves from potential attacks, the company had “assisted various clients in securing their digital assets (including mobile phones) and checked if any app has behaved in a malicious way”. Jaju did not share the details.
Atul Gupta, partner-IT advisory at KPMG in India, said there was a need for heightened awareness of users on security measures, specifically considering the focus on digital payment channels through mobile phones.
“Xiaomi has its own security centre, which scans for viruses and also protects against less serious offences like apps consuming a lot of battery, while Google has their own protection, called Play Protect, which automatically scans all apps,” said Jai Mani, product lead at Xiaomi India.
He added that Google has resolved the malware and it doesn’t hold any threat to apps downloaded from within the Google App Store. “Even if a consumer sideloads an app, Google will scan it and protect you,” he said.
A spokesperson from rival Oppo said the company had not received any complaints related to the malware from its after services system, and that it was cooperating with anti-virus company Avast for its build-in anti-virus software for each phone. “This built-in software has also got a virus database, which is updated constantly. Both our sides are keeping an eye of this issue,” the spokesperson said.
Deloitte’s Parthasarathy suggested that handset makers start placing a second level check on all downloaded apps from any party, including Google Play Store.