Malicious apps on Google Play continue to grow in number as the search and mobile giant struggles to filter submissions, according to a new report covering mobile security published today.

The RiskIQ Inc. mobile threat landscape report for the third quarter found that malicious mobile apps are increasing across the board, impersonating brands and fooling consumers. The report, which analyzed 120 mobile app stores and more than 2 billion daily scanned resources found that Google Play, along with what it describes as “feral apps,” apps available for download outside a store, were the most abundant sources of malicious apps in the quarter.

The top developer of malicious apps in the quarter, Nyi Subang Larang, was found to list apps exclusively on Google Play. But it wasn’t all bad news. The percentage of malicious apps hosted dropping from 8 percent of all apps in the store in the second quarter to only 4 percent.

Coming up behind Google Play but rising in popularity were two independent Android app stores called AndroidAPKDescargar, described as “comparable numbers to Google” with 20,907 malicious apps found, followed by a site called ApkFiles. Not all app stores are created equally. The report said that while some clearly attempt to primarily be legitimate while also hosting malicious apps, others are not even trying, with 97 percent of all apps on a site called 9game.com found to be malicious.

Based on that data, RiskIQ researchers believe that some stores are being created and pumped with huge numbers of malicious apps in order to make detection of other bad stores more difficult.

Confirming previous reports, the researchers found that those behind apps are increasingly impersonating legitimate brands, with Google Play being described as fertile ground. Some 497 apps containing the word “WhatsApp” and excluding any from WhatsApp itself were found on Google Play, while 566 entries were likewise found for Instagram.

“Securing the mobile app ecosystem continues to be a challenge for app stores of all sizes, but efforts to improve version control, monitor for abuse, employ verification techniques and offer security education can help,” Mike Wyatt, director of Product Operations at RiskIQ, said in a statement. “Tracking the use of brand names and likeness is an equally daunting challenge for corporations. Brands should evaluate and implement solutions that constantly monitor their digital footprint online and in mobile app stores.”

A full copy of the report is available for download from RiskIQ here.

Photo: Pexels