Google Play services Archives

AppWizard

April 10, 2025

Google releases new Android System updates with battery life improvements

Google Play services v25.13 introduces updates to improve battery life and connectivity across various Android devices, including Android Auto, PCs, phones, TVs, and Wear OS devices. Google Wallet now allows users to add nicknames to their passes. The Android System Intelligence v.23 update includes logging for Adaptive Sound and code optimization for Smart Dictation. The Google Play Store will implement verified badges for select VPN applications to enhance user trust and safety.

AppWizard

April 1, 2025

Google’s Play Store Warning—Do Not Update This Setting

A sophisticated trojan named TsarBot is targeting over 750 legitimate banking and shopping applications on Android devices. It overlays a counterfeit login screen on real apps to capture user credentials. TsarBot is believed to have Russian origins and can remotely control the device's screen, simulating user interactions and capturing device lock credentials through a deceptive lock screen. The trojan is typically installed from phishing websites, where a dropper application delivers the TsarBot APK file. Once installed, it disguises itself as the Google Play Services app and urges users to enable Accessibility services. Users are advised to avoid installing apps from outside the Google Play Store, ensure Play Protect is enabled, and only enable Accessibility Services when necessary to mitigate risks.

AppWizard

March 20, 2025

Google Play Services could soon make tracking system app updates much easier (APK teardown)

Google is introducing a new "System services" section within Google Play Services to streamline the tracking of updates for essential Android system applications. This feature aims to help users distinguish between regular app updates and important system app updates, addressing confusion about the status of core system components. An APK teardown of Google Play Services v25.11.32 beta has revealed references to this section, which will notify users of available updates and direct them to the Google Play Store. The app listings for core system applications will also be simplified to focus on essential information, reducing user confusion and improving understanding of system app updates. The "System services" page and updated app listings are not yet live but represent a step towards enhancing user trust and clarity regarding system app updates.

AppWizard

March 19, 2025

Annoying Google Play bug complains about a missing update that doesn’t even exist

Some Android users are experiencing a persistent error notification indicating that certain Google applications, such as Messages and the Google app, require an update, despite no updates being available in the Play Store. This issue affects both stable and beta versions of Google Play Services across various devices. Reports include a Pixel 9 Pro and another device running different versions of Google Play Services, indicating the bug is widespread. The affected applications continue to function normally, and updating to Google app version 16.19.36 may resolve the notification issue, though the effectiveness of a newer version of Google Messages is unconfirmed. Inquiries have been made to Google for clarification.

AppWizard

March 14, 2025

New North Korean Android spyware slips onto Google Play

A new Android spyware called KoSpy has been linked to North Korean threat actors, specifically the group APT37 (ScarCruft), and has infiltrated Google Play and APKPure through malicious applications. The campaign has been active since March 2022, targeting Korean and English-speaking users with apps disguised as file managers, security tools, and software updaters. Five identified applications involved are: 휴대폰 관리자 (Phone Manager), File Manager (com.file.exploer), 스마트 관리자 (Smart Manager), 카카오 보안 (Kakao Security), and Software Update Utility. KoSpy retrieves an encrypted configuration file from a Firebase Firestore database and connects to a command and control (C2) server, allowing it to evade detection. Its data collection capabilities include intercepting SMS and call logs, real-time GPS tracking, reading files, using the microphone and camera, taking screenshots, and recording keystrokes. Each application operates with a distinct Firebase project and C2 server for data exfiltration, with data encrypted using a hardcoded AES key. Although the spyware apps have been removed, users are advised to manually uninstall them and use security tools to eliminate any remnants. Google Play Protect can block known malicious apps, and all identified KoSpy applications have been removed from Google Play.

AppWizard

March 12, 2025

North Korean government hackers snuck spyware on Android app store

A report from cybersecurity firm Lookout reveals that North Korean hackers have uploaded Android spyware, named KoSpy, onto the Google Play app store, which has been downloaded over ten times. The spyware masquerades as a file manager and is designed for surveillance, collecting data such as SMS messages, call logs, device location, files, keystrokes, Wi-Fi details, installed apps, audio recordings, images, and screenshots. Google has removed the identified apps from the Play Store and deactivated associated Firebase projects. Lookout also found instances of KoSpy on the third-party app store APKPure. The campaign appears targeted at individuals in South Korea who speak English or Korean, with links to North Korean hacking groups APT37 and APT43.

AppWizard

March 6, 2025

Google Silently Tracks Android Device Even No Apps Opened by User

Recent research by Professor D.J. Leith from Trinity College Dublin reveals that Google collects significant amounts of user data on Android devices, even when users do not engage with Google applications. The study shows that pre-installed Google apps can track users without consent or opt-out options. Measurements were taken using a Google Pixel 7 with Android 14. Findings indicate that Google servers store multiple tracking identifiers immediately after a factory reset, before any user interaction. Collected identifiers include advertising analytics cookies and persistent device identifiers. This data collection raises concerns about compliance with EU data privacy regulations, such as the e-Privacy Directive and GDPR. Specific tracking technologies identified include the Google Android ID, DSID cookies, and NID cookies. User interaction data is also transmitted to Firebase Analytics servers. Users have limited control over the data stored on their devices, with disabling Google Play Services or the Google Play Store being impractical options.

AppWizard

March 6, 2025

BadBox Malware from Google Play Hacked 50,000+ Android Devices Using 24 Apps

HUMAN Security’s Satori Threat Intelligence team has identified a malware operation called “BADBOX 2.0,” which has compromised over 50,000 Android devices through 24 deceptive applications. This operation is an escalation from the original BADBOX campaign detected in 2023. The malware primarily targets low-cost, off-brand Android Open Source Project devices, including TV boxes, tablets, digital projectors, and vehicle infotainment systems. A backdoor named “BB2DOOR” provides threat actors with persistent access to the compromised systems. Four groups of threat actors—SalesTracker Group, MoYu Group, Lemon Group, and LongTV—are involved, using shared infrastructure for various fraud schemes. The malicious applications mimic legitimate apps in the Google Play Store, generating up to 5 billion fraudulent ad requests weekly. In response, Google has enhanced its protections, including blocking BADBOX behavior during app installation and terminating associated publisher accounts. Infected devices were found to be uncertified Android Open Source Project devices from China. Users are advised to verify certification and avoid unofficial app sources.

AppWizard

March 4, 2025

Google’s ‘consent-less’ Android tracking probed by academics

Research by Doug Leith, a professor at Trinity College Dublin, shows that Android users are subjected to advertising cookies and tracking mechanisms that start collecting data before any app is launched, without user consent or the option to opt out. The study identifies systems within Android that send user data to Google via pre-installed apps like Google Play Services and the Google Play Store. One such mechanism is the "DSID" cookie, which is created shortly after logging into a Google account and is used for personalized advertising, lasting two weeks. Another tracker, the Google Android ID, is generated upon first interaction with Google Play Services and continues to transmit data even after the user logs out, with removal only possible through a factory reset. Leith's findings raise concerns about potential violations of data protection laws, particularly regarding the classification of the Android ID as personally identifiable information under GDPR. Google responded to the findings, emphasizing user privacy and compliance with privacy laws, while also stating disagreement with Leith's legal analysis. Additionally, the introduction of the Android System SafetyCore feature, which scans photo libraries for explicit content without user consent, has sparked user discontent, with many reviews criticizing the lack of consent during its installation.

AppWizard

February 25, 2025

What’s new in Android’s February 2025 Google System Updates [U: 2/24]

The monthly "Google System Release Notes" detail updates and features for various platforms, including Play services, Play Store, and Play system updates for Android devices, Wear OS, Google/Android TV, Auto, and PC. Key applications in the "Google System" include Google Play Services, Google Play Store, Google Wallet, and Android System Intelligence. The appearance of a feature in the changelog does not guarantee immediate availability. Recent updates include: - School Time: A feature for parents to manage phone functionalities during school hours on supervised phones. - Google Play services v25.07: Notifications for available phone updates and alerts for digital ID card issuer availability. - Google Play Store v45.1: Updated deep link experience and user experience for purchase offers. - Android System Intelligence V.21: Resolved user interface issues in Live Captions. - Google Play services v25.06: New developer features for Utilities-related processes and enhancements for digital wallet processes. - Google Play Store v45.0: Sponsored suggestions now include descriptions and improved search for Play Collections. - Google Play services v25.05: New developer features for Device Connectivity and improvements to Quick Share. - Google Play Store v44.9: Availability of Collections on Android 10-12 devices and remote installation of watch faces. - Google Play services v25.04: Simplified family group management and support for Machine Learning & AI processes for developers. - Google Play Store v44.8: UI updates for Play Games profile creation and updates for evaluating app quality on tablets and ChromeOS devices.