Date: 2021-11-04

Spanish media outlet Xataka Android highlights a significant weakness in Play Protect: it found that a PDF app on the Play Store gets past Google’s security with a fairly basic subterfuge.

The Play Protect program aims to protect the Play Store. Google regularly works on optimizing it to make sure that users don’t come across infected apps and malware. Unfortunately, no security system is infallible, and the findings of the Spanish site Xataka Android prove this once again.

The outlet found that, among the most downloaded applications in Spain, the one ranked 169th seeks to trap its users. This is an app for reading PDFs on your smartphone. We were able to find it and see that it had been downloaded over 10,000 times. It is therefore not a huge hit, but the number of people concerned and exposed is large enough to raise the alarm. Above all, this exposes serious flaws in Play Protect.

A fake Flash Player to steal your data

Xataka Android found that, after installing this PDF app, the interface had nothing to do with the screenshots shown on the Play Store. This is already a first warning sign, but it is not the only one. From the outset, the app asks for permission to install an update via an APK file that claims to be Flash Player.

More advanced users should already sense that something is off, since the real Flash Player has not been supported on Android since 2012, and more recently on Windows 10. Less experienced users can be fooled.

As you will have guessed, it is this APK that hides the malware. Xataka Android explains that it is a trojan (Trojan horse) seeking to steal the victim's bank details.

Play Protect should not fall into this trap

Once opened, the fake Flash Player installed in this way insists that the user give it access to accessibility services. These functions are very useful for people with disabilities, but you should also know that they can give apps the ability to read and interact with whatever is displayed on the screen. Suffice it to say that if malware has this access, it becomes very dangerous.

The trojan in the PDF application highlighted by Xataka Android also requests access to contacts, SMS and telephone. The Spanish outlet extracted the APK and submitted it for analysis to the specialized site VirusTotal. Result: 13 antivirus engines detected malware. Conversely, using the Play Protect tool, no threat is detected, not even on the fake Flash Player.
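A static triage of the behaviours described above, as an added example that is not part of the original article or of Xataka Android's analysis: it reads a decoded AndroidManifest.xml and flags the ability to request APK installs, a declared accessibility service, and contacts, SMS and telephone permissions. The mapping to specific Android permission names, the function name `triage_manifest` and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from the behaviours in the article to Android permission names.
SENSITIVE = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "telephone": {"android.permission.READ_PHONE_STATE"},
}
INSTALLER = "android.permission.REQUEST_INSTALL_PACKAGES"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(xml_text):
    """Return a list of findings for a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    findings = []
    if INSTALLER in perms:
        findings.append("can-request-apk-install")
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE.
    if any(s.get(ANDROID + "permission") == A11Y_BIND for s in root.iter("service")):
        findings.append("declares-accessibility-service")
    groups = sorted(g for g, names in SENSITIVE.items() if names & perms)
    findings += ["requests-" + g for g in groups]
    # Screen reading and interaction combined with SMS access warrants escalation.
    if "declares-accessibility-service" in findings and "sms" in groups:
        findings.append("HIGH: accessibility service combined with SMS access")
    return findings


# Constructed sample manifests (not taken from the apps in the article).
DROPPER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.pdfreader">
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application/>
</manifest>"""
PAYLOAD = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.flashplayer">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <service android:name=".Svc" android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("dropper", DROPPER), ("payload", PAYLOAD)):
        print(label, triage_manifest(xml_text))
```

The input is the text-form manifest produced by an APK decoding tool, not the binary XML stored inside the APK itself.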

Admittedly, one might think that only a fairly small number of people will be fooled on seeing the Flash Player logo. However, one can wonder about the effectiveness of the Play Protect program, which should not be fooled by a ploy that does not appear very elaborate. This does not bode well for more sophisticated malware.