A few Android apps available through Samsung’s Galaxy Store could be easily considered malware and even provide a backdoor for future malware infections, according to security researcher ‘linuxct’ and Android Police’s Max Weinbach.
Android users know more official Android app stores exist besides Google Play. A few phone manufacturers choose to include their own store in addition to Google Play. Unfortunately, even if it’s an official store, it doesn’t necessarily mean that the apps it offers are safe.
As a case in point, the Galaxy Store is home to several Showbox clones. The base app was actually a pirated streaming app for movies, now defunct, which in itself would disqualify it from official channels. Somehow, many Showbox clones are available through Samsung’s store. As Weinbach discovered, the Google Play protection, which is available by default through Android services, blocked the installation.
Security researcher linuxct took a closer look at the code and found that, while the apps themselves are not infected with anything, they allow attackers to download and run other code, similar to a dropper. This means criminals could use the opportunity provided by the Galaxy Store to spread malware and weaponize the Android apps.
The good news is that Google services and security solutions will pick up any attempt to install these apps, but users should also pay close attention to the apps they install and the permissions they ask. For example, the Showbox clones asked for permissions to access Contacts and Phone, even though they shouldn’t need it.
Because the Galaxy Store doesn’t show how many people have downloaded an app, it’s impossible to tell how widespread the problem really is. It’s always a good idea to have a security solution running in the background, just in case some app bypasses the embedded protection in the official stores.
The silver lining is that soon after Android Police’s report Samsung removed the apps from the Galaxy Store.