Google has suspended the official app of Chinese e-commerce giant Pinduoduo from its Play Store after a number of the company's apps were found to contain malware. Google set its Android security system, Play Protect, to prevent the installation of the apps, which were also flagged to those who had already downloaded them. The anonymous security experts who analysed the apps claimed that they exploited several zero-day flaws to monitor users. However, as Google Play is not available in China, the apps were available on the custom app stores associated with phone manufacturers Samsung, Huawei, Oppo and Xiaomi.
Pinduoduo is valued at around $23.5bn, and the company has almost 800 million active users. It has experienced rapid growth since being formed in 2015 and its business model involves group purchasing and discounting to drive sales. Despite this, the company has been criticised for the quality of the products it sells, with the World Wildlife Fund accusing the company of not adhering to standards for the sale of ivory. The company has also faced accusations of intellectual property theft from the luxury goods brand Castel.
This is the second time in a year that Google has found apps containing malicious code from Chinese companies. In May 2018, several Chinese-language apps were discovered that had used a bug to evade review checks on Google’s platform. These apps were infected with a Trojan, which could covertly make in-game purchases and buy subscriptions without alerting the user.
It is vital for Google to maintain the integrity of its Play Store to protect itself from reputational damage when malware is discovered. The company took action earlier this year when it removed any apps that encouraged users to mine cryptocurrencies on their devices. Google’s security service also regularly removes apps from the Play Store that breach its guidelines or contain adware.