Android VPN apps found serving disruptive ads

A security researcher has discovered four VPN apps that serve ads while running in the background and also on the home screen of Android smartphones in the latest case of adware found on the Google Play Store.

While researching suspicious Android VPN apps, Andy Michael found that Hotspot VPN, Free VPN Master, Secure VPN and Security Master by Cheetah Mobile were all showing full screen pop-up ads on his smartphone even though none of these apps were currently open.

It is also worth noting that all of these apps originate from either Hong Kong or China where VPN usage tends to be higher than in other countries due to China's Great Firewall and the ongoing protests in Hong Kong. While three of the four apps provide VPN services to users, Security Master is an antivirus app.

All of the apps found to be showing disruptive ads by Andy Michael are still available on the Play Store at the time of writing.

Adware apps

In addition to APIs from Google and Facebook used to show ads, Michael's investigation also found that Hotspot VPN also contained obfuscated code which is used to show full-screen ads regardless of whether or not the app is currently open which results in significant battery and CPU usage. This app's name also resembles the legitimate VPN, Hotspot Shield and its developer likely chose this name as a way to trick unsuspecting users into downloading their app instead.

Free VPN Master was found to share the same code for serving Google ads and its APK file has the same code structure and files as Hotspot VPN. According to Michael, both apps are identical apart from slight modifications in their code.

Secure VPN though was the worst offender as it served ads when users had other apps open and even overlaid them on top of user's home screens. The app also contained references to code that recorded activities such as when an ad was displayed, clicked on or dismissed by the user. Security Master on the other hand, used more sophisticated behavior to show ads when users tried to go back to the home screen or when certain buttons were clicked.

Android users are constantly warned to avoid installing apps from unknown sources but when they can't even trust Google's own Play Store to find legitimate apps, there is a serious problem.


How It works

Search Crack for

Latest IT News

May 30
ExpressVPN's latest survey highlights consumer concerns that contact tracing apps violate their privacy and could lead to mass surveillance.
May 30
The cost of launching collision attacks against SHA-1 has come down significantly making the encryption algorithm more vulnerable.
May 29
Grab the right tools to get web development done without breaking a sweat, covering everything from design and coding platforms.
May 29
David Plummer created Task Manager some 25 years ago, and has some pretty nifty tips for the app.
May 29
Cortana's consumer skills, or some of them, have got the chop, among other features.
May 29
Microsoft has announced significant updates to its NoSQL platform.
May 28
Memory integrity protection is stopping some PCs from receiving the latest upgrade for Windows 10.

Latest cracks