A new report from security vendor BitDefender says that more than 1 percent of the Android apps in Google Play are “aggressive copycats.” The copycat apps mimic legitimate apps like Facebook, Twitter and others, often containing a lot of the same code and providing the same functionality. However, these apps also include aggressive advertising SDKs or beacons that can be used to track users’ activities.
Aggressive copycats often earn money at the expense of legitimate mobile development firms. “Most modifications add a new Advertising SDK in the repackaged app or change the Advertiser ID from the original app so revenue obtained through ad platforms gets diverted from the original developer to the individual who plagiarizes their work,” explained Bitdefender’s Loredana Botezatu. “Other modifications add extra advertising modules to collect more data from the user than the initial developer planned. Moreover, if a developer only collects UDIDs and e-mail addresses initially, a plagiarized application can be extended to place home-screen icons, spam the notification bar, and so on to maximize the hijacker’s revenue.”
The study found 5,077 such apps, some which had been downloaded 50,000 times.