What just happened? We’re often told to be careful when it comes to sideloading apps from outside of the Play Store, but the marketplace has seen its fair share of malicious applications. Joining the list are nine apps that Google has just removed for stealing users’ Facebook login details. The worrying part is that they were downloaded more than 5.8 million times.
Dr. Web (via Ars Technica) reports that, like many malicious apps, these performed their advertised functions, such as photo editing, exercise and training, horoscopes, and removing junk files from a phone. They also offered a way to disable their in-app ads by logging into a user’s Facebook account.
Most of the 5.8 million downloads were from an app called PIP Photo. This was followed by Processing Photo, which had more than 500,000 downloads. Rubbish Cleaner, Inwell Fitness, and Horoscope Daily all had over 100,000 downloads.
A Google spokesman says the apps have now been removed from the store, and the developers have been banned from submitting any new apps—though they could always submit under a different name.