Google Play services

AppWizard
April 10, 2025
Google Play services v25.13 introduces updates to improve battery life and connectivity across various Android devices, including Android Auto, PCs, phones, TVs, and Wear OS devices. Google Wallet now allows users to add nicknames to their passes. The Android System Intelligence v.23 update includes logging for Adaptive Sound and code optimization for Smart Dictation. The Google Play Store will implement verified badges for select VPN applications to enhance user trust and safety.
AppWizard
March 20, 2025
Google is introducing a new "System services" section within Google Play Services to streamline the tracking of updates for essential Android system applications. This feature aims to help users distinguish between regular app updates and important system app updates, addressing confusion about the status of core system components. An APK teardown of Google Play Services v25.11.32 beta has revealed references to this section, which will notify users of available updates and direct them to the Google Play Store. The app listings for core system applications will also be simplified to focus on essential information, reducing user confusion and improving understanding of system app updates. The "System services" page and updated app listings are not yet live but represent a step towards enhancing user trust and clarity regarding system app updates.
AppWizard
March 19, 2025
Some Android users are experiencing a persistent error notification indicating that certain Google applications, such as Messages and the Google app, require an update, despite no updates being available in the Play Store. This issue affects both stable and beta versions of Google Play Services across various devices. Reports include a Pixel 9 Pro and another device running different versions of Google Play Services, indicating the bug is widespread. The affected applications continue to function normally, and updating to Google app version 16.19.36 may resolve the notification issue, though the effectiveness of a newer version of Google Messages is unconfirmed. Inquiries have been made to Google for clarification.
AppWizard
March 14, 2025
A new Android spyware called KoSpy has been linked to North Korean threat actors, specifically the group APT37 (ScarCruft), and has infiltrated Google Play and APKPure through malicious applications. The campaign has been active since March 2022, targeting Korean and English-speaking users with apps disguised as file managers, security tools, and software updaters. Five identified applications involved are: 휴대폰 관리자 (Phone Manager), File Manager (com.file.exploer), 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility. KoSpy retrieves an encrypted configuration file from a Firebase Firestore database and connects to a command and control (C2) server, allowing it to evade detection. Its data collection capabilities include intercepting SMS and call logs, real-time GPS tracking, reading files, using the microphone and camera, taking screenshots, and recording keystrokes. Each application operates with a distinct Firebase project and C2 server for data exfiltration, with data encrypted using a hardcoded AES key. Although the spyware apps have been removed, users are advised to manually uninstall them and use security tools to eliminate any remnants. Google Play Protect can block known malicious apps, and all identified KoSpy applications have been removed from Google Play.
AppWizard
March 12, 2025
A report from cybersecurity firm Lookout reveals that North Korean hackers have uploaded Android spyware, named KoSpy, onto the Google Play app store, which has been downloaded over ten times. The spyware masquerades as a file manager and is designed for surveillance, collecting data such as SMS messages, call logs, device location, files, keystrokes, Wi-Fi details, installed apps, audio recordings, images, and screenshots. Google has removed the identified apps from the Play Store and deactivated associated Firebase projects. Lookout also found instances of KoSpy on the third-party app store APKPure. The campaign appears targeted at individuals in South Korea who speak English or Korean, with links to North Korean hacking groups APT37 and APT43.
AppWizard
March 6, 2025
HUMAN Security’s Satori Threat Intelligence team has identified a malware operation called “BADBOX 2.0,” which has compromised over 50,000 Android devices through 24 deceptive applications. This operation is an escalation from the original BADBOX campaign detected in 2023. The malware primarily targets low-cost, off-brand Android Open Source Project devices, including TV boxes, tablets, digital projectors, and vehicle infotainment systems. A backdoor named “BB2DOOR” provides threat actors with persistent access to the compromised systems. Four groups of threat actors—SalesTracker Group, MoYu Group, Lemon Group, and LongTV—are involved, using shared infrastructure for various fraud schemes. The malicious applications mimic legitimate apps in the Google Play Store, generating up to 5 billion fraudulent ad requests weekly. In response, Google has enhanced its protections, including blocking BADBOX behavior during app installation and terminating associated publisher accounts. Infected devices were found to be uncertified Android Open Source Project devices from China. Users are advised to verify certification and avoid unofficial app sources.
Search