BeiTaAd adware found in over 200 Android apps on the Google Play Store
A major app developer has been hiding adware within its Android apps on an industrial scale. CooTek, a Shanghai-based developer founded in 2008, which floated on the NYSE in 2018 and currently has a market cap of over US$530 million, laced 238 apps including TouchPal with BeiTaAd, an aggressive adware plug-in. Web security company Lookout discovered the presence of BeiTaAd in CooTek's apps and explains its behaviour as follows:
BeiTaAd is a well-obfuscated advertising plugin hidden within a number of popular applications in Google Play. The plugin forcibly displays ads on the user’s lock screen, triggers video and audio advertisements even while the phone is asleep, and displays out-of-app ads that interfere with a user’s interaction with other applications on their device.
TouchPal alone has over 100 million downloads, and Lookout estimates that BeiTaAd has been installed over 440 million times. Developers concealed BeiTaAd by setting ads to appear between 24 hours and 2 weeks after the application carrying it had been launched.
Lookout notes that the BeiTaAd plugin is never installed on a device, which prevents it from appearing as an installed package on an infected device. Moreover, it is only possible to remove BeiTaAd by uninstalling the affected application. As of May 23, all 238 applications that had been compromised by BeiTaAd have either been removed from the Google Play Store or updated to versions without the offending plugin. Lookout offered the following chilling statement though:
This BeiTaAd plugin family provides insight into future development of mobile adware. As official app stores continue to increase restrictions on out-of-app advertisements, we are likely to see other developers employ similar techniques to avoid detection.
So, adware could well become the norm for app developers looking to monetise their apps in increasingly complex ways. Android has a major problem on its hands.