Researchers say that a tip from a child led them to discover aggressive adware in iOS and Android smartphone apps with a combined 2.4 million downloads across the iPhone App Store and Google Play Store. The malware apps targeted young children and were promoted on social media apps including TikTok.
Ars Technica reports that security researchers investigated a tip from a child that led to them discovering aggressive adware and exorbitant prices in Apple iOS and Google Android smartphone apps with a total of 2.4 million downloads across the iOS App Store and Google Play Store.
The apps were advertised as entertainment, wallpaper images, or music downloads and served intrusive ads to users even when the app wasn’t active. The apps also hid their icon in an attempt to prevent users from uninstalling them. Other app charges between $2 to $10 and generated revenue of more than $500,000 according to estimates from SensorTower, a smartphone app intelligence service. Based on how they were advertised and the nature of the apps, researchers believe they were specifically targeted at children.
The apps were first reported to Be Safe Online, a project in the Czech Republic aimed at educating children about online safety, by a young girl who found a profile on TikTok promoting one of the abusive apps. Researchers from the security firm Avast found 11 apps for iOS and Android devices engaging in scams.
Avast threat analyst Jakub Vávra, said in a statement: “We thank the young girl who reported the TikTok profile to us. Her awareness and responsible action is the kind of commitment we should all show to make the cyberworld a safer place.”
“It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them,” Vávra added.
Read the full report at Ars Technica here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address firstname.lastname@example.org