A program that claims to be a PDF reader, but actually plays ads aggressively, ranks high on the Play Store: “PDF Reader: View Documents” by Fairy Games has reached over a million downloads.
Advertising even when the app is closed
Researchers from the Malwarebytes company have discovered the adware on the Play Store and put it under the microscope. They found, for example, that the so-called PDF reader also shows ads when it’s closed. This is made possible by an ad SDK developed specifically for the app. Ad SDKs are used to enable in-app advertising, which is typically used to fund free versions of apps. While ordinary Ad-SDKs display ads sparingly and exclusively within the app they belong to, the Fairy Games Ad-SDK crosses many boundaries. For example, it was noticed that a notification tone sounds a few hours after downloading the app; when the phone is subsequently unlocked, the home screen is covered by a full screen ad. In some cases, advertising videos are also played here.
some red flags
Malwarebytes notes that it makes sense to carefully study app descriptions and meta information before downloading. For example, in the case of the application “PDF Reader: view documents”, some warning signs can be detected. Malwarebytes mentions the name of the company behind the app as the first warning sign. Based on this, it is not obvious that a game company offers a PDF reader. Malwarebytes also cites the 17+ age restriction as another red flag. This is unusual for a PDF reader, as the reader itself does not contain any content that is relevant to minors. The third warning sign pointed out by the computer security company is app reviews. Thus, with more than a million downloads and 1,500 reviews, only five text contributions can be found, which is unusual, he says. Also, the few text articles point out the spammy nature of the app. According to reviews, the app is also unable to display PDF files, which contradicts the name of the app.
The app is still on the Play Store
The app is still available through the Play Store. However, it can be assumed that Google will remove it quickly; this is how the company has proceeded in similar cases so far. Most recently, 35 Play Store apps that Bitdefender had identified as malware were removed a week ago.
All those who have already installed the application are recommended to uninstall it. This can be done through the app info and app list in the smartphone settings.
