Tech behemoths Apple and Google have aggressively removed several dangerous mobile apps from their respective platforms, the App Store and Google Play, in a recent crackdown on digital security.

This action follows revelations of data-stealing malware that has been hiding inside these apps for almost a year, affecting the safety and privacy of millions of users worldwide.

Read also: Apple’s rumoured foldable iPhone: What we know about its design, features and release date

The malware revelation on Apple and Google Play

Security researchers from Kaspersky Labs, a renowned cybersecurity firm, discovered malware named SparkCat embedded within apps available on the Google Play Store and Apple’s App Store. The malware, active since March 2024, was initially detected in a food delivery app popular in the United Arab Emirates and Indonesia. 

However, the scope of the infection was much broader. SparkCat was found in 19 additional apps and accumulated over 242,000 downloads on Google’s platform alone. Its modus operandi used optical character recognition (OCR) technology to scan and extract sensitive information from images on users’ devices, mainly targeting recovery phrases for cryptocurrency wallets. This method allowed the malware to operate in multiple languages, including English, Chinese, Japanese, and Korean, making it a versatile tool for cybercriminals within the Google and Apple ecosystems.

Google and Apple respond 

Upon receiving the detailed report from Kaspersky, both tech giants acted swiftly. Apple removed the compromised apps from its App Store last week, while Google followed suit, pulling the apps from Google Play and banning the developers responsible. Google’s spokesperson, Ed Fernandez, confirmed that all identified apps had been removed from Google Play, and users were protected from known versions of this malware through Google’s built-in security feature, Google Play Protect. On the other hand, Apple has not publicly commented on the specifics of this incident. However, removing the apps from the App Store indicates a zero-tolerance policy towards such security breaches.

The broader context in Google Play and App Store

This incident is not an isolated case. The battle against malicious apps in official apps like Google Play and Apple’s App Store has been ongoing. Both companies constantly update their security protocols to combat increasingly sophisticated threats. 

In 2024, security experts at Zscaler discovered over 90 banking apps on Google Play with the Anatsa banking trojan, leading to millions of installations. 

Similarly, Apple has had its share of challenges, with various reports of malicious apps slipping through their stringent review processes in the App Store in the past. Removing these apps underscores a critical issue in the digital ecosystem: the cat-and-mouse game between app developers, cyber criminals, and security teams. 

While Google and Apple employ advanced algorithms and manual reviews, the dynamic nature of malware development means that new threats are constantly on both platforms.

Read also: Apple to introduce affordable power with iPhone SE 4 and Powerbeats Pro 2

User vigilance and protection on Google and Apple platforms

For users, this serves as a stark reminder of the importance of digital hygiene. Downloading apps from official sources like Google Play and the App Store provides a layer of scrutiny, though not infallible. Checking app permissions is crucial; be wary of apps asking for permissions that seem unnecessary for their functionality within the Google and Apple app ecosystems. Keeping your device and apps regularly updated ensures you have the latest security patches on both platforms. 

Utilising security features like Google Play Protect on Android or reviewing app access to personal data on iOS can add another layer of protection. 

Finally, while not foolproof, user reviews and ratings can sometimes expose app issues, offering insights into potential risks before installation on either Google or Apple’s platforms.

The removal of these malicious apps by Apple and Google from the App Store and Google Play is a testament to the vigilance required to maintain digital safety. 

However, it also highlights the continuous need for tech companies and users to stay one step ahead of cyber threats. As technology evolves, so must our approaches to cybersecurity, ensuring that the digital world, including the environments of Google Play and the App Store, remains a safe space for innovation, communication, and personal use.