A program that claims to be a PDF reader, but actually aggressively plays ads, ranks high in the Play Store: “PDF Reader: View Documents” by Fairy Games has reached more than one million downloads.
Advertising even when app is closed
Researchers from the Malwarebytes company have discovered the adware in the Play Store and put it under the microscope. They found out, for example, that the alleged PDF reader also displays ads when it is closed. This is made possible by an ad SDK developed specifically for the app. Ad SDKs are used to enable advertising in apps, which is usually used to finance free app versions. While ordinary Ad-SDKs display advertising to a moderate extent and exclusively within the app to which they belong, the Ad-SDK from Fairy Games crosses many boundaries. For example, it was noticed that a notification tone sounds a few hours after downloading the app; when the phone is subsequently unlocked, the home screen is covered by a full-screen ad. In some cases, advertising videos are also played here.
Some red flags
Malwarebytes points out that it makes sense to study app descriptions and meta information carefully before downloading. For example, in the case of the app “PDF Reader: view documents”, some warning signals can be spotted. Malwarebytes mentions the name of the company behind the app as the first warning signal. According to this, it is not obvious that a gaming company offers a PDF reader. Malwarebytes also cites the age restriction of 17+ as another warning signal. This is unusual for a PDF reader, as the reader itself does not contain any content that is relevant to minors. The third warning signal pointed out by the IT security company is the app’s reviews. Thus, with more than one million downloads and 1,500 reviews, only five text contributions can be found, which is unusual, it says. Furthermore, the few text articles point out the spam nature of the app. According to the reviews, the app is also unable to display PDF files – which contradicts the app’s name.
App still in the Play store
The app is still available via the Play store. However, it can be assumed that Google will delete it quickly – this is how the company has proceeded in similar cases so far. Most recently, 35 apps were removed from the Play Store a week ago that had been identified as malware by Bitdefender.
All those who have already installed the app are advised to uninstall it. This can be done via the app information and the app list in the smartphone settings.