Google works hard to protect users across a variety of devices and environments. Part of this work involves defending users against Potentially Harmful Applications (PHAs), an effort that gives us the opportunity to observe various types of threats targeting our ecosystem. For example, our security teams recently discovered and defended users of our ads and Android systems against a new PHA family we’ve named Chamois.
Chamois is an Android PHA family capable of:
Our previous experience with ad fraud apps like this one enabled our teams to swiftly take action to protect both our advertisers and Android users. Because the malicious app didn’t appear in the device’s app list, most users wouldn’t have seen or known to uninstall the unwanted app. This is why Google’s Verify Apps is so valuable, as it helps users discover PHAs and delete them.
Chamois had a number of features that made it unusual, including:
This multi-stage process makes it more complicated to immediately identify apps in this family as a PHA because the layers have to be peeled first to reach the malicious part. However, Google’s pipelines weren’t tricked as they are designed to tackle these scenarios properly.
Google continues to significantly invest in its counter-abuse technologies for Android and its ad systems, and we’re proud of the work that many teams do behind the scenes to fight PHAs like Chamois.
We hope this summary provides insight into the growing complexity of Android botnets. To learn more about Google’s anti-PHA efforts and further ameliorate the risks they pose to users, devices, and ad systems. For more details, keep an eye open for the upcoming “Android Security 2016 Year In Review” report.