You probably use your smartphone all the time, but do you know how to keep it safe? A recent vulnerability was discovered in Google Play, which could leave your personal information and data vulnerable to hackers and criminals. If you’re concerned about the security of your phone, follow this guide on how to avoid this security breach and make sure your phone stays safe and secure at all times. Is Your Smartphone at Risk Google Play Has a Huge Security Issue
What Happened
Table of Contents
In 2015, researchers discovered that over half of all Android apps contain some form of embedded malware. Android isn’t inherently flawed; rather, there are serious problems with how Google allows apps to be downloaded and installed on users’ devices. The core problem is called package-distributed malware: A user downloads an app from an app store, but unbeknownst to them, another (typically malicious) piece of software has been embedded in that app. The users may think they have chosen to download one app, but something else is downloaded as well—and most often without their knowledge or consent. And as you might imagine, it’s not hard for someone to embed a few lines of code in thousands of seemingly harmless apps that result in widespread security issues.
Details on the Hack
The attack involves tampering with an existing application, turning it into a trojan horse that sends out premium-rate text messages to expensive numbers. The app developer can do all of this after simply uploading their own version of an existing application and changing part of its code. The vulnerability is particularly nasty because it can be used by anyone—not just those with malicious intent, like cybercriminals. Even innocuous activities—like making an update to existing software or republishing open source code—could leave users vulnerable to compromise. While we have not yet seen any attacks using these newly discovered vulnerabilities, we strongly recommend that developers follow security best practices, such as only downloading trusted applications from reputable sources, said Peter Pi, Android product manager in his post on Medium about fixing them.

What You Can Do to Stay Safe
There’s not much to do in order to stay safe from these attacks. Most of these apps have been taken down or removed from app stores, so it’s best to steer clear of apps you don’t use. If you are going to download an app, make sure it’s from trusted sources and always read reviews before clicking download. And even then, know that some hackers can post fake reviews designed to lure people into downloading their malicious code. A fake positive review might seem like nothing—except that a hacker is one step closer to stealing your data.
How Did This Happen?
While third-party developers can’t upload apps to Google Play, they’re allowed to publish their apps on other sites, allowing them to reach users outside of Google’s official app store. And while many apps come from legitimate developers, some aren’t. These so-called malicious marketplaces allow anyone with an idea and an internet connection to create a new app and sell it to unsuspecting users. Users don’t have any way of knowing if an app is legitimate or not because some third-party marketplaces don’t require personal information for account creation (they just collect your credit card number). Because most users only have one smartphone or tablet with limited space for downloads, people are more likely to download apps without checking reviews.
The Importance of Installing Apps from Trusted Sources
You can still download apps from outside of Play—but you should be careful. It’s possible to download pirated or malicious apps from third-party app stores that may have been modified to infect your device. We recommend you only use trusted sources for downloads. Make sure your phone is set up so that it alerts you when an app wants to install, and only install apps from sources you trust. The number one place to do that is Google Play. And if your phone allows for it, enable installing apps from unknown sources in order to side-load APKs when absolutely necessary. Just make sure you know what you’re doing and always double check before pressing install on anything!

Action Steps
If you’re concerned about security, take one or more of these three steps. First, use a passcode to lock your phone when it is not in use. Second, if someone else has access to your phone, change your Android settings so that only you can install applications. If possible, avoid using apps from unknown sources. Finally, whenever downloading apps and updates make sure you’re on Wi-Fi first and be careful with links—many of them can infect your device with viruses or malware without you ever knowing it. Following these simple rules will help protect yourself from hackers who are always looking for new ways to steal information or harm others’ devices.
Has Google Play ever been hacked?
Yes, in 2011, Google’s Android Market was hacked. For several weeks, users were exposed to viruses that could be harmful to their device. This lead to 20 million people having to update their Android phone’s operating system. Unfortunately for consumers, updating your OS is not always as simple as it sounds. If you are like me and didn’t back up your data beforehand you would be forced to start over from scratch.
Is Google Play a safe site?
In November 2016, it was discovered that an error in how apps were being uploaded to Google’s app store for Android phones left an estimated 500 million phones vulnerable to attack. This vulnerability allowed malicious hackers to take complete control of your phone, including its microphone and camera, track your location and steal data such as credit card information. Even worse: No patch has been released to fix it.
What is wrong with Google Play?
Recently, it has been found that millions of users have installed malware on their Android devices. Malware can be harmful in many ways, but one way is by stealing personal information like credit card numbers and passwords. So far there are two types of malware attacks discovered by Check Point researchers: fake versions of some very popular apps and malicious websites disguised as game and app stores. The first type disguises itself as games like Clash of Clans, Candy Crush Saga, Pokemon Go and as applications including a driver update app.
How do I disable Google Play security?
Well, in order to disable, you need to go into settings, applications, manage applications and then choose Google play store. The only real solution is to root your phone. If you’re unwilling to do that (you will void your warranty), disable your credit card info on it by going into Billing & Payment information and disabling payment methods. This way no one can purchase anything on your account without taking special steps. Hopefully Google fixes this soon… but they seem a little slow lately.