TikTok, despite all the controversies surrounding it, is still a popular place for promoting products. Recently, however, security researchers found that at least three popular profiles with over 350,000 followers have been promoting scam Android and iOS apps that have been installed more than 2.4 million times.
The researchers at Avast first learned of the apps through a report submitted to the company's Be Safe Online platform. The reporting user found the app recommended by a TikTok user with over 330,000 followers. Upon investigation, Avast found that the apps were actually adware scams disguised as games, music or wallpaper downloaders.
Once installed, the apps would display ads and charge users between $2 and $10. Avast noticed that the charges were for features that didn't exist or didn't work properly. The offerings also included features that make phones vibrate. According to Avast, the apps have reportedly generated over $500,000.
Researchers at Avast said that some apps were HiddenAds trojans, which appear to be legitimate apps but serve only to aggressively display ads. The profiles mainly promoting such apps were 7odestar and Dejavuuu.Es3, with a combined following of over 350,000. The researchers added that the apps had been developed by the same person or group.
Violates App Store Policies
While all the apps violated both Google's and Apple's policies, they were still present in the two companies' app stores. "The apps we discovered are scams and violate both Google's and Apple's app policies by either making misleading claims around app functionalities or serving ads outside of the app and hiding the original app icon soon after the app is installed," said Jakub Vavra, threat analyst at Avast.
Hence, it is important for users to check reviews before downloading such apps. Most of the apps that are adware have ratings below four stars on the Google Play Store or the App Store. BleepingComputer reported that the following apps are still available on the app stores.
"It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them," Vavra said.
Checking Permissions
Avast researchers noted that checking the permissions an app requests during installation helps users judge whether it is malware or adware. For example, a music app doesn't need permission to access the camera. Another example is the Android app ThemeZone, a wallpaper downloader, which asks for external storage permission. However, Vavra said that accessing external storage is not a must for a wallpaper app.
Users can also watch for obscene price points. Paying $10 for wallpapers may not be necessary, as most app developers offer the service for free or at a low price point with in-app ads in accordance with regulations.