app review Archives

AppWizard

September 16, 2025

Google nukes 224 Android malware apps behind massive ad fraud campaign

A large-scale Android ad fraud operation called "SlopAds" has been dismantled, involving 224 malicious applications on Google Play that generated 2.3 billion ad requests daily. The Satori Threat Intelligence team at HUMAN discovered that these apps were downloaded over 38 million times and reached users in 228 countries, with the U.S. accounting for 30% of ad impressions. The perpetrators used techniques like obfuscation and steganography to evade detection. If installed through ad campaigns, the apps would download a malicious module called "FatModule," which executed the ad fraud scheme by serving ads through hidden WebViews. The operation resulted in over 2 billion fraudulent ad impressions daily. Google has removed all known SlopAds applications from the Play Store and updated Google Play Protect to alert users to uninstall remaining instances.

AppWizard

April 30, 2025

Millions of Android apps have disappeared from the Play Store this year, and for good reason

The Google Play Store's app count has decreased from approximately 3.4 million in early 2024 to around 1.8 million today, a 47% decline. This reduction is attributed to stricter quality control measures implemented by Google in July 2024, which targeted malfunctioning apps and those with limited functionality. Google reported blocking 2.36 million apps for policy violations and banning over 158,000 developer accounts linked to harmful activities. In contrast, the Apple App Store's app count rose from 1.6 million to 1.64 million during the same period. Additionally, a new EU regulation requires developers to disclose their names and addresses in app listings, with non-compliance risking delisting from EU markets. Despite the decline, 10,400 new applications were launched on the Play Store this year, indicating a 7.1% increase compared to last year.

AppWizard

December 3, 2024

SpyLoan Android malware on Google Play installed 8 million times

A recent investigation by McAfee identified 15 SpyLoan Android malware apps on Google Play, which collectively received over 8 million installs, mainly targeting users in South America, Southeast Asia, and Africa. These apps disguised themselves as legitimate financial tools, enticing users with false promises of quick loan approvals. Upon installation, users were required to validate their location and submit sensitive personal information. The malware harvested extensive data from users' devices, including SMS messages, GPS locations, and contact lists. Users who secured loans faced high-interest payments and harassment from the operators, who sometimes contacted the borrowers' family members. Notable apps included Préstamo Seguro-Rápido and Préstamo Rápido-Credit Easy, each with 1,000,000 downloads. Despite Google's app review processes, these malicious apps evaded detection. Users are advised to read reviews, check developer reputations, limit app permissions, and activate Google Play Protect.

AppWizard

November 30, 2024

SpyLoan Android apps on Google play installed 8 million times

A recent investigation by McAfee revealed the existence of 15 SpyLoan applications on Google Play, which have collectively received over 8 million installs, primarily targeting users in South America, Southeast Asia, and Africa. These apps were removed from the Play Store following their discovery, but they highlight ongoing challenges in addressing digital threats. The last significant cleanup of similar SpyLoan applications occurred in December 2023, when over a dozen apps with 12 million downloads were taken down. SpyLoan applications pose as legitimate financial tools, offering misleading loan approvals and coercing users to provide sensitive personal information after validating their identity through a one-time password. They exploit device permissions to access extensive sensitive information, including contact lists, SMS messages, and location data, which are used in extortion schemes. Users who secure loans often face high-interest repayments and harassment from operators, with some scammers contacting borrowers' family members for further pressure. The eight most popular SpyLoan applications include: - Préstamo Seguro-Rápido, Seguro - 1,000,000 downloads (Mexico) - Préstamo Rápido-Credit Easy - 1,000,000 downloads (Colombia) - ได้บาทง่ายๆ-สินเชื่อด่วน - 1,000,000 downloads (Senegal) - RupiahKilat-Dana cair - 1,000,000 downloads (Senegal) - ยืมอย่างมีความสุข – เงินกู้ - 1,000,000 downloads (Thailand) - เงินมีความสุข – สินเชื่อด่วน - 1,000,000 downloads (Thailand) - KreditKu-Uang Online - 500,000 downloads (Indonesia) - Dana Kilat-Pinjaman kecil - 500,000 downloads (Indonesia) Despite Google's app review mechanisms, SpyLoan applications continue to evade detection. Users are advised to read reviews, check the developer's reputation, limit app permissions, and activate Google Play Protect to mitigate risks.

AppWizard

October 15, 2024

How To Publish Android App on Google Play Store?

To publish an Android app on the Google Play Store, one must create a Google Developer Account by signing up on the Google Play Console, providing personal details, and paying a one-time fee. Approval may take up to 48 hours. A Google Merchant Account is needed for financial transactions if selling or offering in-app purchases. The app setup involves filling out essential information, uploading the APK or App Bundle, and configuring the store listing. The app title should be concise and include high-traffic keywords, while descriptions should incorporate relevant keywords to enhance discoverability. The APK or App Bundle must not exceed 100MB and should be digitally signed. Store listings should include high-quality screenshots, a marketing image, and a promo video link. Pricing and distribution settings can be configured, and a content rating questionnaire must be completed accurately. The app review process typically takes up to 7 days but can be completed in as little as 2 days. Post-publication, regular updates and marketing strategies, including App Store Optimization (ASO) and social media engagement, are essential for maintaining visibility and attracting users.

TrendTechie

October 2, 2024

iPhone users in this region can now legally use torrent apps without jailbreaking—Here’s how

Apple has recently allowed iPhone users in the European Union to legally download and use torrent apps due to compliance with new EU regulations permitting third-party app stores. Notable apps available through the AltStore PAL include iTorrent, which allows direct torrent downloads, and qBitControl, a remote management tool for torrent clients. This development does not extend outside the EU, where Apple maintains its strict policies against torrent applications and continues to reject and shut down such apps globally.

AppWizard

September 28, 2024

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Cybersecurity researchers have discovered a malicious Android application on the Google Play Store that has stolen approximately 0,000 in cryptocurrency from users over nearly five months. The app, disguised as the legitimate WalletConnect protocol, was identified by Check Point and had over 10,000 downloads due to fake reviews and consistent branding. Around 150 users are believed to have been affected, although not all who downloaded the app were targeted. The app operated under various names, including "Mestox Calculator" and "WalletConnect - Airdrop Wallet." It has since been removed from the Play Store but can still be accessed through third-party app stores. The malware, known as MS Drainer, prompts users to connect their wallets and authorize transactions, allowing attackers to withdraw funds. If victims do not revoke permissions, attackers can continue to drain assets from their wallets. Another malicious app, "Walletconnect | Web3Inbox," was also identified, which had over 5,000 downloads.

AppWizard

August 6, 2024

Apple users, beware of these malicious apps

A malicious application bypassed Apple’s App Store security measures by using a technique called "geofence," which allows it to present different user interfaces based on geographical location. For example, an app named "Collect Cards" disguised itself as a benign card game in the U.S. while revealing its true nature as a pirate streaming app in countries with lenient anti-piracy laws. These apps delay the activation of their geolocation API to avoid detection and often share a code base built on the React Native framework and Microsoft’s CodePush SDK, enabling modifications without formal updates. The code base for these applications comes from a single GitHub repository, allowing easy uploads of malicious apps. Apple has removed the offending app but has not indicated plans to change its review system.