Google Play Store malware installed on 1.5 million Android devices

Martin Brinkmann
Jul 10, 2023
Updated • Jul 10, 2023
Google Android

Google's Play Store is the go-to store for most Android users when it comes to installing new apps and games for the operating system.

Like Google's Chrome Web Store, which is the place to install Chrome extensions, Google's Play Store has had its fair share of malicious apps and games that were offered to users.

Just recently, it became known that malicious authenticator apps were listed on the official store. Back in 2022, researchers discovered apps with malware that were downloaded 500,000 times by users, and just last month, security researchers discovered a malicious SDK in a number of apps.

Security researchers at Pradeo have discovered two spyware applications on Google Play that were downloaded more than 1.5 million times by Android users. The applications, File Recovery & Data Recovery ( and File Manager (, disguised themselves as file management applications. Their main purpose of them was to send as much user data as possible to servers in China.

File Recovery & Data Recovery was downloaded more than 1 million times from Google Play, File Manager more than 500,000 times. Both applications listed fake Data Safety information on Google Play, claiming that they were not collecting any data.

Data Safety is mandatory information that app developers need to provide about their apps. The information that developers submit is not verified manually by Google.

Both applications had a relatively large number of downloads but no reviews. The researchers suggest that the developers of the app could have enhanced downloads artificially, for example, by using installation farms or mobile device emulators.

Pradeo researchers discovered that the two applications were busy as a bee collecting data from devices they were installed on. Data included:

  • The contact lists from the device and from connected accounts, e.g., email accounts, social networking accounts.
  • Media, such as pictures, audio or video.
  • Real-time user location data.
  • Mobile country code.
  • Network provider name.
  • Network code of the SIM provider.
  • Version of the operating system.
  • Device brand and model

The installed applications performed "more than a hundred transmissions of the collected data", which, the researchers write, is "so large it is rarely observed".

The applications in question are no longer listed on Google Play at the time of writing. Android users may want to check the list of installed programs to uninstall the apps, if they are still installed on their devices.

Pradeo notes that both applications hid their application icon on the home screen to make the uninstallation difficult. Android users have to open Settings > Apps to get a list of all installed applications and uninstallation options.

Now You: do you vet apps before you install them?

Google Play Store malware installed on 1.5 million Android devices
Article Name
Google Play Store malware installed on 1.5 million Android devices
Security researchers at Pradeo have discovered two spyware applications on Google Play recently that were downloaded more than 1.5 million times by Android users.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Iron Heart said on July 12, 2023 at 8:00 am

    @Martin Brinkmann

    OT: Google is removing the NewPipe homepage from its search results due to a DMCA takedown, might be worth an article:

  2. Lydia melinda shortridge said on July 12, 2023 at 3:54 am

    Protect all my webs and apps

  3. Anonymous said on July 11, 2023 at 1:10 am

    “Google Play Store malware installed on 1.5 million Android devices”

    Only 1.5 million ? Isn’t the play store installed by default on every device ?

    1. Anonymous said on July 11, 2023 at 4:28 pm

      If you consider GPlay as a malware (which sometimes is) then yes.

  4. 11r20 said on July 10, 2023 at 10:51 pm

    The report said 1.5 million downloaded malicious apps from Google and a crap-ton of data was sent back to Chinese servers.

    Are the Chinese copying Google’s tracking schemes, and double-crossing both the 5-eyes and Google?

  5. 11r20 said on July 10, 2023 at 6:26 pm

    The Chinese are copying the 5-eyes/Google data collection scheme?

  6. Tachy said on July 10, 2023 at 4:51 pm

    If android came with a proper file manager by default instead of manipulating you into using google services people wouldn’t need to search for third party apps to do basic OS functions.

  7. TelV said on July 10, 2023 at 3:21 pm

    Makes you wonder about the Firefox browser about:config setting “browser.safebrowsing.enabled which is set to True by default” along with “browser.safebrowsing.downloads.remote.enabled also set to True”. How can Google be trusted to get it right when they can’t even protect their own Store.

    1. Yash said on July 10, 2023 at 9:26 pm


      Yeah man, malware problem in Google Play Store which relies on developers sending their apps to Google so users can download those apps is somehow linked to safebrowsing used for detecting malicious websites and somehow Mozilla is responsible for all that.

      Go touch some grass man.

      1. Sandy said on July 12, 2023 at 11:57 pm

        It would be great if you could post a jpeg of the icons for the dubious android apps so I can quickly see if I’ve downloaded them. There are so many apps called File Manager that I have no idea if I have the malicious one or not. Or is there is an easy way I can see the apk name of the file manager I have installed?

      2. Yash said on July 13, 2023 at 9:32 pm

        Use apps from F-Droid. File manager, app installer apps on F-Droid aren’t constrained by Google API limit and hence are much more powerful and feature rich. Infact you only need Play Store apps for games or to use services of a particular service provider which has its own exclusive app. For other tasks open source is the way.

  8. Richard Cranium said on July 10, 2023 at 1:01 pm

    Google claims to have stringent requirements for apps on Play Store, but look at all of the malware that has been uploaded to the platform.

    Google needs to start actually reviewing all code of all apps initally place, and when updated on the Play Store.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.