How to spot a malicious smartphone app

Article published 8 December 2021

Subscribe to CPSA news

OVER 300,000 Android smartphone users have downloaded various apps posing as QR code scanners, document scanners, and cryptocurrency apps that turned out to be malware.

These apps bypassed detection by the Google Play app store as the malicious intent of the apps is hidden and only begins after installation.

These types of malicious apps will frequently request that phone users install updates to continue using the app. During these ‘updates’ the app connects to a server that downloads malware onto a phone allowing the app to steal information.

In this way, malicious apps bypass the two steps usually needed to verify you actually want their malicious malware.

Android accessibility services allow apps to take control of a smartphone to perform special tasks that aid people with disabilities. For example, if an app developer is concerned people with vision difficulties may struggle to read text on their app, they may use accessibility services to read text out loud to the phone user.

Despite the good intentions of these services, giving app developers more control over a phone comes with greater risk as some app developers may misuse these services.

Malware may use accessibility services to click buttons for itself or overlay content over the phone screen and trick the phone user into clicking on things they cannot see. These sorts of powers can be used to extract sensitive information from a phone, a specialist IT news website, spoke to Dario Durando, a mobile malware specialist, about the recent uncovering of these malicious apps.

Durando said to ZDNet “… the Google Play Store is the most attractive platform to use to serve malware”. Everybody uses it and most of the stuff is legit.

Malicious apps can be quite convincing, but Durando outlined a few steps that can be taken to avoid malware: “…always check updates and always be very careful before granting accessibility services privileges – which will be requested by the malicious payload, after the ‘update’ installation – and be wary of applications that ask to install additional software”.

For more information please email our media contact at

Stay up to date with CPSA news and media releases

Our regular email newsletter provides valuable insights and information on topics such as pension entitlements, healthcare, government policies, and more.

  • This field is for validation purposes and should be left unchanged.