How we stop fraudulent apps from holding you ransom

Recently we shared our 2016 Android Security Year in Review, which looks at how we protect Android users and their data. Today, we’re taking a closer look at how we shield people from a rare—but particularly disruptive—potentially harmful app (PHA) known as ransomware. We’ve long had protections from ransomware in Android, and we added new ones in Nougat as well.

Ransomware is a type of app that restricts access to your device until a sum of money is paid. Ransomware usually presents itself in one of two forms: apps that restrict access to your device and then demand payment to regain access to the device, or apps that encrypt data on the device’s external storage (such as an SD card) and then demand payment to decrypt your data. To make the scam more convincing, fraudsters sometimes pretend to be from a credible law enforcement agency and accuse you of doing something illegal so you’re more likely to pay.

Although ransomware has begun to target mobile devices, it’s still rare: Since 2015, less than 0.00001 percent of installations from Google Play, and less than .01 percent of installations from sources other  than Google Play, were categorized as ransomware.  (That’s less than the odds of getting struck by lightning twice in your lifetime!).

Some examples of popular ransomware

And Android users have long been protected from ransomware. Our Google Play policies strictly prohibit apps that contain it, and if we ever detect these scams, we rapidly take action. Verify Apps, our security system that analyzes apps before they are installed and then regularly checks more than 400 million devices and 6 billion apps everyday for PHAs, is another safeguard. And Application Sandboxing, a technology that forces each app to operate independently of others, provides another layer of defense. Sandboxes require apps to mutually consent to sharing data, a protection which limits ransomware’s ability to access sensitive information like a contact list from another app.


Ransomware protections in Android Nougat

With the release of Android 7.0 Nougat, we added to existing defenses against ransomware, and also made some changes to address some of the newer tactics of ransomware scams. Here are a few examples:

  • Safety blinders: Apps can no longer see which other apps are active. That means scammy ones can’t see what other apps are doing—and can’t inform their attacks based on activity.
  • Even stronger locks: If you set a lockscreen PIN prior to installing ransomware, ransomware can’t misuse your device’s permissions to change your PIN and lock you out.
  • Whacking clickjacking: “Clickjacking” tricks people into clicking something, often by obscuring permission dialogs behind other windows. You’re now protected from ransomware attacks that use this tactic to sneakily gain control of a device.

Protecting your data and device from ransomware

Even with all the safeguards we’ve built into Android and Google Play to protect you from ransomware, there are still a few things that you can do to keep your device safe.

  1. Only download apps from a trustworthy source, such as Google Play.
  2. Ensure Verify Apps is enabled.
  3. Install security updates and always ensure your device is updated to the latest version to get the best security protection.
  4. Back up your device.
  5. Be cautious. Take a moment to read reviews and other information about apps before installing, to make sure you download the app you’re looking for.

If you accidentally install ransomware on your phone, you have a few options. First, you can try to boot into safe mode. Starting your device in safe mode means your device only has the original software and apps that came with it. If an app is misbehaving but the issues go away in safe mode, the problem is probably caused by a third-party app downloaded on your device. If you can boot into safe mode, try to uninstall the app and then reboot the device. On a Pixel, you can get into safe mode with a keyboard combination that PHAs can’t touch.

If safe mode doesn’t work, then you might have to reset your phone to factory settings. Many devices running Android allow you to remove dangerous apps by resetting it to factory settings (also referred to as formatting the device, or doing a “hard reset”). This should be your last resort, but if you’ve backed up your files, resetting your device should be easy. Check with your carrier or device manufacturer for instructions on how to reset your phone.

Ransomware on Android is exceedingly rare. Still, we’ve implemented lots of new protections in Nougat, and we continue to improve on the defenses that have long been in place. Those protections, along with extra vigilance about how you download your apps, will help keep you and your device secure.


Some OnePlus customers find fraudulent transactions on credit cards, OnePlus disables card payments

OnePlus 3 hands-on photo

OnePlus has shared some exciting news lately, like the Android Oreo update for the OnePlus 5 and the launch of the OnePlus 5T Sandstone white, but this week there’s some less-than-exciting news coming from the company.

OnePlus says that customers that recently made purchases from noticed fraudulent transactions on their credit cards this past weekend. These customers made credit card payments directly on and did not use PayPal.

The company is still looking into the situation, but while it does, it has temporarily disabled credit card payments on That means that if you want to buy something from OnePlus, you’ll need to use PayPal.

In its announcement, OnePlus explains that customers’ credit card info isn’t stored on its website, but is instead sent to a PCI-DSS-compliant payment processing partner over an encrypted connection. This issue isn’t a result of OnePlus’s “Save this card for future transactions” feature either, and the company says that its site should not be affected by the Magento bug that affected some sites because since 2014, OnePlus has been rebuilding its site with custom code rather than using the Magento eCommerce platform.

It’s still unclear exactly how the credit card info of some OnePlus customers ended up in nefarious hands. If you’ve recently made a purchase on OnePlus’s site and paid with a credit card, you should monitor your statements and report and suspicious activity. – Latest videos, reviews, articles, news and posts

Apple and Google Demanded to Pull Hundreds of Fraudulent Investment Apps

Following an investigation conducted by the Australian Securities and Investments Commission (ASIC), Apple and Google have been asked to remove “hundreds” of mobile trading apps from their respective app stores, which were determined to be responsible for scamming clients out of large sums of money, according to a report published by The Independent.

The ASIC’s review, which concluded and was published on Tuesday, largely focused on iOS and Android apps that specifically deal with so-called ‘binary options trading’; and the agency was able to identify upwards of 330 individual apps — some of which were offered through established financial institutions — that were unlicensed to offer these trading options in the first place. In its review, the ASIC cited particular concern over apps that “appeared to be misleading about the profitability of trading and the amount of profit that could be made,” “users could earn up to 90% in less than an hour,” or how “around 85% profitable signals from the top traders to guarantee the safe trading”.

What Is “Binary Options Trading”?

According to The Independent, binary options trading platforms “encourage investors to make simple bets on whether shares or currencies will rise or fall in value over time.” Interestingly, while several of these platforms, including some that are available on the app store, are indeed legitimate, the report cites an increasing number of fraudulent apps that have been sprouting up in countries like Australia, the U.K., and elsewhere in the world where government regulation is lower.

Unfortunately, since nearly all of these so-called binary options trading platforms are unregulated by any major financial governing bodies, those who decide to invest in them, and come to determine that they have been scammed, have little recourse insofar as getting their money back.

While more recent figures remain unavailable, as of May, 2016, the U.K.-based National Fraud Intelligence Bureau reported receiving as many as 305 individual reports of binary options trading scams. However a lawyer representing some of the victims, many of whom are senior citizens who were persuaded to invest lump-sum payments from their pension funds in these fraudulent platforms, mentions the actual number could be much higher since “victims are frequently too embarrassed to come forward and admit to being conned.”

“In an age where technology can hide who is offering and controlling a product, buyer beware has never been so important. If something appears too good to be true, it probably is.”

Want a FREE iPhone 7? Click here to enter our monthly contest for a chance!
Follow us on Apple News by pressing the (+) button at the top of our channel

iDrop News