Google is back in cleanup mode, removing dozens of apps from the Play Store as new security threats continue to surface. The latest wave of deletions follows a massive ad fraud operation, a dangerous banking trojan, and now, a stealthy spyware campaign linked to North Korean hackers.
Despite Google’s efforts, malicious apps continue slipping through its Play Store defenses, raising serious questions about Android security. If you’ve recently installed new apps, check your device now: some of these dangerous apps could still be running on your phone.
Spyware Alert
The latest threat comes from KoSpy, sophisticated spyware linked to APT37 (ScarCruft), a North Korean cyber espionage group. Security researchers at Lookout uncovered the malware, which steals personal data, including:
- Text messages and call logs
- Precise location tracking
- Files, photos, and stored documents
- Screenshots and screen recordings
- Keystrokes, including passwords
- WiFi network details and installed apps
This malware has been in circulation since early 2022, targeting both English- and Korean-speaking users. It disguises itself as common utility apps, such as:
- File Manager
- Phone Manager
- Smart Manager
- Kakao Security
- Software Update Utility
While Google has removed all identified apps from the Play Store, they are still available on third-party websites. If any of these apps are on your device, delete them immediately.
How Google Play Protect (And Sideloading) Factor In
Google’s Play Protect is designed to detect and remove threats, even for apps installed outside the Play Store. However, recent changes to Play Protect allow users to pause its defenses, making sideloading riskier than ever.
Security experts warn against disabling Play Protect unless you 100% trust the source of the app. Otherwise, it’s like driving without a seatbelt: you’re exposed to threats without realizing it.
A recent study from University College London (UCL) confirmed that many “unofficial” apps require excessive permissions, making sideloaded apps even riskier. Some parental control apps, for example, were found to:
- Hide their presence from users
- Request sensitive data access
- Instruct users to disable Play Protect
Of the 20 sideloaded parental control apps tested, 13 were flagged as malware, while others bypassed detection altogether.
Google’s Response & What You Should Do Now
In response to Lookout’s report, Google acknowledged the spyware threat, stating:
“Before any user installations, the latest malware sample discovered in March 2024 was removed from Google Play. Play Protect automatically protects Android users from known versions of this malware, even when apps come from outside Play.”
Despite these measures, malicious apps still find their way in. This is why Android users must stay proactive about security:
- Uninstall any of the flagged apps immediately.
- Ensure Play Protect is enabled (Settings → Security → Google Play Protect).
- Avoid sideloading apps, especially from unverified sources.
- Regularly check app permissions. If something seems suspicious, remove it.
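One way to carry out the permission check above from a workstation, shown as an added example that is not from Lookout's report or from Google. It parses `adb shell dumpsys package` output and flags apps not installed by the Play Store that hold several of the data-access permissions matching the categories listed earlier; the permission mapping, the threshold, the sample dump and its package names are constructed assumptions, and the dump layout varies between Android versions.

```python
import re

# Assumed mapping (not from the report): permissions matching the data categories above.
SENSITIVE = {
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.READ_EXTERNAL_STORAGE": "files and photos",
}
PLAY_STORE = "com.android.vending"

# Constructed sample of `adb shell dumpsys package` output (hypothetical packages).
SAMPLE_DUMP = """\
Package [com.example.filemanager] (1a2b3c):
  installerPackageName=null
  runtime permissions:
    android.permission.READ_SMS: granted=true, flags=[ USER_SET]
    android.permission.READ_CALL_LOG: granted=true, flags=[ USER_SET]
    android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
    android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET]
Package [com.example.maps] (4d5e6f):
  installerPackageName=com.android.vending
  runtime permissions:
    android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
Package [com.example.notes] (7a8b9c):
  installerPackageName=null
  runtime permissions:
    android.permission.READ_EXTERNAL_STORAGE: granted=true, flags=[ USER_SET]
    android.permission.READ_SMS: granted=false, flags=[ USER_SET]
"""
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
INSTALLER_RE = re.compile(r"installerPackageName=(\S+)")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def audit(dump, threshold=3):
    """Return {package: data categories} for non-Play installs at or over threshold."""
    apps, current = {}, None
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = apps.setdefault(m.group(1), {"installer": None, "data": set()})
        elif current is not None:
            inst, perm = INSTALLER_RE.search(line), PERM_RE.match(line)
            if inst:
                current["installer"] = inst.group(1)
            elif perm and perm.group(2) == "true" and perm.group(1) in SENSITIVE:
                current["data"].add(SENSITIVE[perm.group(1)])
    return {pkg: sorted(a["data"]) for pkg, a in apps.items()
            if a["installer"] != PLAY_STORE and len(a["data"]) >= threshold}
```

A flagged package is a prompt for manual review, not a verdict: legitimate apps from other stores or preinstalled by the vendor can hold the same permissions.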
What’s Next for Android Security?
Google has long struggled to eliminate malicious apps, despite frequent removals and security updates. Even Samsung is tightening sideloading restrictions, while Google continues warning users about installing apps from outside the Play Store.
With Android 15 expected before mid-2025, attention is shifting to Android 16, which is set to introduce:
- Stronger on-device security monitoring
- Live threat detection for sideloaded apps
- Extended Advanced Protection Program for high-risk users
In the meantime, Samsung’s latest flagships are expected to receive Android 15 by April, bringing real-time app behavior tracking and local threat analysis. That is a crucial step, given that some malware can activate after installation, bypassing initial detection.
Google is improving its Play Store defenses, but until those protections become foolproof, users need to stay vigilant. The best security practices? Stick to trusted apps, keep Play Protect on, and think twice before sideloading.