
April 11, 2025

Android and application security: the role of prevention

Once again, Google had to remove malicious apps from its Play Store. In 2024, 2.36 million apps were blocked for security policy violations, an impressive number that confirms how far the malware problem on Android is from being solved despite the efforts of the American giant.

In recent years, monitoring has become more active and controls stricter, but malware in the mobile world continues to proliferate, putting millions of users at risk.

The evolution of threats in the Play Store.

Although security measures are increasingly advanced, the problem of malicious apps remains a challenge. Recently, more than 200 infected apps, downloaded more than 8 million times, were identified; they were designed to activate unauthorised subscriptions to premium services, steal bank account credentials or, even worse, execute malicious code directly on the victim’s smartphone. Incidents like these show how crucial it is to be careful about which applications are installed, even when they come from official stores.

Who controls apps published under your brand name?
AppSentry helps you detect modified versions, clones and unauthorised uses, protecting your company and your users.


Malware on Android is constantly evolving, exploiting increasingly sophisticated techniques to bypass the operating system’s defences. One of the most common strategies is obfuscated code that uses Two-Stage Command and Control (2C) techniques, which allow the malware to communicate with remote servers and download malicious payloads only after installation, avoiding initial detection by Google. Some malware also uses Domain Generation Algorithms (DGA) to automatically create new domains with which to communicate, making it harder to block with blacklists and VPNs.
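To illustrate why generated domains slip past a blacklist and how a defender can still spot them in DNS logs, here is a small lexical scoring check, added as an example and not taken from Mobisec or Google. The sample queries, the blacklist, the function names and the thresholds are all assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed DNS queries from one device; none are real indicators.
SAMPLE_QUERIES = [
    "play.googleapis.com",
    "connectivitycheck.gstatic.com",
    "xkqzjvbwplrtmhd.example",
    "q7f3kz9xw2vb8n1m.example",
    "api.weather-service.example",
    "mail.example.org",
]
BLACKLIST = {"xkqzjvbwplrtmhd.example"}  # only already-reported domains

def shannon_entropy(text):
    """Bits per character; random-looking labels score high."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def registrable_label(domain):
    """Label left of the TLD (assumes a one-label TLD, no Public Suffix List)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def dga_score(domain):
    """Count how many lexical signals (0-4) the label trips."""
    label = registrable_label(domain)
    if not label:
        return 0
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(c.isdigit() for c in label) / len(label)
    return sum([
        len(label) >= 12,               # long label
        shannon_entropy(label) >= 3.5,  # near-uniform character mix
        vowel_ratio < 0.2,              # unpronounceable
        digit_ratio > 0.3,              # digit-heavy
    ])

def flag_dga_like(queries, threshold=2):
    return [q for q in queries if dga_score(q) >= threshold]

def missed_by_blacklist(queries, blacklist):
    """DGA-like names that a blacklist lookup alone would let through."""
    return [q for q in flag_dga_like(queries) if q not in blacklist]

if __name__ == "__main__":
    print("not on blacklist:", missed_by_blacklist(SAMPLE_QUERIES, BLACKLIST))
```

The long but readable name `api.weather-service.example` trips only the length signal and stays below the threshold, which is why several signals are combined rather than relying on length or entropy alone.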

Another particularly insidious technique concerns the abuse of accessibility settings, which allows malicious apps to obtain advanced permissions to perform actions without the user’s explicit consent. This method is often exploited to intercept credentials, activate functions without human interaction or even change device security settings. The combination of these strategies makes it increasingly difficult for users to recognise and remove malicious apps once installed.

Strategies for a safer digital environment.

Even with the best practices of secure development, some vulnerabilities remain difficult to detect without in-depth analysis. Penetration tests are essential activities for this very reason: they allow weaknesses that escape standard testing to be identified, simulating real attacks to test the security infrastructure and to demonstrate what a hacker is really capable of doing in the system.

Every unmanaged vulnerability exposes the app to operational and reputational risk.
Mobisec supports technical and decision-making teams with a service designed to ensure continuity and reliability.


These advanced checks can detect, for instance, errors in session management, bypassing of authentication controls or improper access to other people’s data (causing the notorious data breaches). Many vulnerabilities only emerge when an application is tested in a realistic context, with targeted attacks and techniques used by cybercriminals. For this reason, relying only on automated tools or good development practices is not enough: it is necessary to actively test the security of applications to ensure effective protection of users and data. This means becoming aware of both the app’s problems (vulnerabilities) and the points left uncovered (weaknesses), which may not be exploitable today but tomorrow could lend themselves to a new or more complex attack.

With the increasing popularity of mobile applications, ensuring user security is a shared responsibility between developers, companies, distribution platforms and users themselves. While the technology sector must commit to the adoption of advanced data protection solutions, bridging the digital divide and promoting greater awareness of cyber risks are crucial. Lack of security knowledge makes users more vulnerable to attacks, facilitating the spread of malware and online scams. Education and information play a key role in building a safer digital ecosystem, in which everyone, based on their own skills and responsibilities, can contribute to collective protection.

The fact that dangerous apps manage to get past official store controls should give anyone working in the mobile world pause for thought.
Preventive defences are the only effective response to protect users, data and reputation.

Careful and continuous monitoring such as that offered by Mobisec makes the difference between a reliable app and one that exposes the company to avoidable risks.
