The European Commission’s competition department is currently investigating the rules put in place by Google around its Play Store application market.

The European Commission opens an investigation to understand the rules of the Play Store

According to Politico, several companies using the Play Store have received a confidential questionnaire from the European Commission. The document asks the companies concerned about the billing conditions and the fees they pay the technology giant to be present in its application catalog.

Google charges a minimum of 15% and a maximum of 30% on any purchase made in an application (in-app) that has been downloaded from the Play Store.

This sparked a large number of complaints: Match Group, parent company of Tinder, video game development studio Epic Games, streaming platform Spotify, all sued Google. Similar complaints have targeted the Play Store’s main competitor, Apple’s App Store.

Google anticipated the arrival of the DMA

At the end of July, anticipating the upcoming arrival of the Digital Markets Act and the Digital Services Act, Google decided to allow applications in Europe to use third-party payment services through an alternative billing system.

Across the Channel, the United Kingdom’s competition watchdog has also opened an antitrust investigation around Google and Apple. The Play Store is targeted, as are the cloud gaming services offered by the two companies as well as their web browsers: Chrome and Safari.

How to protect yourself from phone fraud (toll fraud) on Android

Toll fraud malware can wreak serious havoc on your budget by signing you up for paid services through your carrier. Here’s how to spot it and prevent it.

Older Android smartphones are well-known security risks, but a study by the Microsoft 365 Defender Research Team shows precisely how vulnerable these devices are to a particular type of attack: phone fraud, also known as “toll fraud”.

Toll fraud malware hides in apps that seem completely innocent and subscribes users, without their knowledge, to paid services through the carrier. The victims end up subscribed to completely useless services that can cost several hundred euros, or even more, per year.

Microsoft’s research shows that devices running Android 9 or older are most at risk from such attacks, but we’ve seen similar flaws on newer versions of Android. Worse still, hackers are constantly evolving their attacks, allowing malicious apps to bypass Google Play’s security measures. This means that there could be many apps infected with such toll fraud malware (and others, for that matter) in the Google Play Store catalog. It is for this reason that it is important for all Android users to know how to spot this scam before it really is too late.

What is toll fraud?

Microsoft explains precisely how this kind of scam works, but the most common attack is divided into three stages.

First, the user downloads an app from Google Play or a third-party distributor. Once the app is installed, it updates itself with malicious code that would otherwise have alerted Google Play’s security services.

Once updated, the app initiates the second phase, which involves several steps, such as using fake login pages and the Wireless Application Protocol (WAP) to sign up for unsolicited services. (WAP is a completely legitimate mechanism that apps use to sign users up for services through their carrier rather than through a payment card or other means.)

Since WAP requires a cellular connection, the rogue app will often wait for the infected device to use mobile data rather than Wi-Fi. Sometimes these apps can even force the phone to switch to mobile data, even if Wi-Fi is available.

In the last stage of the attack, the application intercepts and blocks the confirmation SMS that you would receive after knowingly subscribing to a legitimate service, so that you do not notice anything is wrong until you check your next mobile bill.

How to prevent these toll fraud malware attacks

These kinds of attacks take place in the background, making them very difficult to prevent. The Microsoft research team highlights several avenues that Google could explore to further improve its security measures and thus limit the risks of toll fraud and other similar malware, but there are still a few measures that you can follow to protect yourself.

Most important, as is often the case, is to keep your devices up to date with the latest available Android version and all security patches. As mentioned above, devices running Android 9 or earlier are most at risk. If possible, update to Android 10 or newer and install the latest security patches.

Of course, this isn’t always possible, and neither is buying a newer phone. And since these kinds of attacks sometimes also occur on newer versions of Android, you are not necessarily safe.

It is for this reason that you should always take the time to study an application (its quality, its legitimacy, etc.) before installing it. Read reviews (not just the best ones), search the web for the app, and only download it from a trusted source. Similarly, installing a reputable anti-malware app can help you catch a malicious app before it’s too late.

That being said, many malicious apps seem perfectly legitimate. Even after installation, you can look for warning signs. Among these:

  • Login pages that require a link to an email or social network account.
  • Unnecessary permissions.
  • Requests to install additional apps or updates that are not from the Google Play Store.
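
The "unnecessary permissions" warning sign can be checked mechanically against the attack stages described above. The following is an added example, not code from Microsoft's research or from this article: it reads a decoded AndroidManifest.xml and reports permissions that would let an app steer traffic to mobile data, read or hide SMS, or install packages from outside the store. The mapping of permissions to behaviours is an assumed heuristic, and the two sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed heuristic (not from the article): permissions that enable each behaviour.
SIGNALS = {
    "force_cellular": {"android.permission.CHANGE_NETWORK_STATE"},
    "intercept_sms": {
        "android.permission.RECEIVE_SMS",
        "android.permission.READ_SMS",
        "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    },
    "sideload_update": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}

def declared_permissions(manifest_xml):
    """Permissions requested via <uses-permission> or bound by a <service>."""
    root = ET.fromstring(manifest_xml)
    perms = {el.get(ANDROID + "name") for el in root.iter("uses-permission")}
    perms |= {el.get(ANDROID + "permission") for el in root.iter("service")}
    perms.discard(None)  # elements that lack the attribute
    return perms

def toll_fraud_signals(manifest_xml):
    """Map each behaviour to the declared permissions that would enable it."""
    perms = declared_permissions(manifest_xml)
    return {k: sorted(perms & v) for k, v in SIGNALS.items() if perms & v}

def needs_review(manifest_xml):
    """Flag apps able to both steer traffic to mobile data and read SMS."""
    hits = toll_fraud_signals(manifest_xml)
    return "force_cellular" in hits and "intercept_sms" in hits

# Constructed sample manifests (package names are made up).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
SUSPICIOUS = HEAD % "com.example.flashlight" + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application><service android:name=".Notif"
    android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/></application>
</manifest>"""
BENIGN = HEAD % "com.example.camera" + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("flashlight", SUSPICIOUS), ("camera", BENIGN)):
        print(name, needs_review(xml), toll_fraud_signals(xml))
```

A match is a reason to look closer, not a verdict: messaging and connectivity apps legitimately hold some of these permissions, so the question is whether the app's stated purpose explains them.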

Android: 17 password-stealing apps removed from the Play Store

Trend Micro has pinpointed 17 “Trojan horse” applications distributed on the Play Store, which Google recently removed. However, you should still check your smartphone to make sure none of them has been downloaded, as any of them could cause serious damage.

The Octo malware goes on the attack

These apps carry DawDropper, a trojan that installs the Octo (also known as Coper) malware. The latter can intercept text messages, collect sensitive information such as e-mail addresses, usernames and passwords, and even steal banking information, all thanks to a screen recorder.

The malware also lowers the brightness of the screen and its backlight, and it turns off sounds to make the user believe that the smartphone is on standby. Meanwhile, it collects as much data as possible. The 17 apps are: Call Recorder, Rooster VPN, Super Cleaner, Document Scanner, Universal Saver Pro (two versions), Eagle Photo Editor, Call Recorder Pro+, Extra Cleaner, Crypto Utils, FixCleaner, Lucky Cleaner, Just In Video Motion, Document Scanner Pro, Conquer Darnes, Simpli Cleaner and Unicc QR Scanner. If one of these apps is on your smartphone, delete it.

Finally, Trend Micro gives several recommendations to avoid malicious applications that, unfortunately, can be distributed on the Play Store. Cautious users should always check app reviews for negative feedback.

If possible, you should also take a look at the publisher’s or developer’s website: if it arouses suspicion, avoid downloading the application. Finally, it is imperative to be wary of unknown sources: the Play Store has its flaws, but at least it has security mechanisms.
