Mobile apps that have been copied from genuine titles account for 1.2 per cent of a sample of 420,646 titles in Google Play, according to antivirus provider Bitdefender.
Apps uploaded by 2,140 developers contained code that was more than 90 per cent identical to other products available in the store. This excluded library code that can be legally used by multiple developers, such as an advertising SDKs.
Of the apps analysed, 5,077 application package files (APKs) were copied from other titles in Google Play.
Catalin Cosoi, Bitdefender chief security strategist, said these counterfeit products should not be mistaken for different versions of an genuine app: “Here, it’s about a publisher who takes an application, reverse-engineers its code, adds aggressive advertising SDKs or other beacons, then repackages and distributes it as his own.”
Some copied titles contain additional modules to modify the behaviour of the app — such as accessing location, leaking the device ID, or connecting to social media platforms.
Those copying often add a new advertising SDK or change the advertiser ID so revenue is diverted to them from the original developer, or insert modules that collect extra data from users.
Bitdefender also found nearly 8 per cent of amendments in plagiarised apps could allow an unauthorised party to make phone calls from the device, with a slightly lower proportion allowing a third party to access a device’s call history.
Copying apps in this way is not allowed by Google Play and developer accounts demonstrating this kind of activity are terminated if they are detected.