Also in Q1, RiskIQ issued an alert warning of blacklisted apps masquerading as or associating themselves with Bitcoin exchanges, Bitcoin wallets, or just “cryptocurrency” in general. These are indicative of the rise of digital currencies and their attractiveness as an income stream for both crooks and legitimate businesses.
The report also showed that malicious mobile apps continued to decline, despite the number of total apps observed by the company increasing over the last four quarters. In Q1, 21,948, or 1.4%, of the total of 1,508,825 newly observed apps were blacklisted, which is a lower percentage than in the previous four quarters.
The numbers of blacklisted feral apps declined for the fourth-straight quarter, from 3,507 in Q4 2017 to 1,981 in Q1 2018, but still represents a significant portion of all blacklisted apps; forty-six percent of feral apps were blacklisted in Q1 2018. Meanwhile, Google hosted 8,287 blacklisted apps in Q1, which is consistent with previous quarters and outpaces the next most blacklisted store, AndroidAPKDescargar, by 4,595. Although the Play Store consistently had high numbers of blacklisted apps between Q3 2017 and Q1 2018, its rate of blacklisted apps has hovered around a relatively modest five percent.
The report found that many blacklisted apps shared several of the same permissions. Eighty-six percent of apps blacklisted in Q1 claimed the READ_SMS permission, which allows the app to read messages and can be used for any number of nefarious purposes, including circumventing two-factor authentication. Most of the apps that can read messages can also track location, read and write to the call log, generate alert windows, change settings and other dubious requests. Among apps blacklisted in the Google Play Store, 1,207 access the phone's camera, nearly 800 of which also record location data and about 600 record audios.