While third-party market apps do exist, they are not as popular as the Google Play Store, and in many cases, malicious entities may use them to offer modified APK files which contain a nasty selection of malware.
While not all contained known malware, the data permissions requested by the fake apps found by the researchers posed a significant risk to users' privacy, potentially giving the apps access to SMS records, cameras, microphones, and other sensitive data.
Counterfeit or "fake" apps are often used by hackers to steal user data or infect a device with malware. It scanned more than 10,000 most popular apps on Google Play Store and it was able to find 49,608 threats. Instead of intercepting SMS messages to bypass 2FA protection on users' accounts and transactions, these malicious apps take the one-time password (OTP) from notifications appearing on the compromised device's display. Counterfeit or fake apps impersonate popular applications in a bid to misguide users.
The study also considered authorization requests and built-in ad libraries, finding 1,565 requests for at least five risky permissions and 1,407 of at least five embedded third-party ad libraries. To avoid issues like this, Google chose to implement a particular security feature in the form of Play Protect. He further added, "Our society is increasingly reliant on smartphone technology so it's important that we build solutions to quickly detect and contain malicious apps before affecting a wider population of smartphone users".
While the official Google search app demands 135MB of memory consumption, Google Go takes only 5MB of memory storage.
The study was conducted by researchers from the University of Sydney and Commonwealth Scientific and Industrial Research Organization's Data61. "We also [found] 1,565 potential counterfeits asking for at least five additional unsafe permissions than the original app and 1,407 potential counterfeits having at least five extra third-party advertisement libraries".
A new and easy way to share your searches on Google Search app for Android is now in beta state, and could soon be available. The other app was reported to Google last June 12th. According to a report, some apps including GPS Route Finder, GPS Live Street Maps and Maps GPS Navigation did not provide any service of their own to the users but used Google Maps or its API to display ads. The number of rejected apps submissions and app suspension increased by 55% and 66% respectively, in 2018.