Another day, another Play Store deletion.NurPhoto via Getty ImagesRepublished on March 16th with further reports into dangerous Android apps and the release of new Android protections for millions of users.What a week for Play Store. Google has been busy with its delete button, with multiple threats sneaking their way inside Androids best secured app vault. Not a good look. And all this has come hot on the tail of the latest warning that Android is under attack.First came an ad fraud scheme leading to the deletion of 180 apps with 56 million downloads, then another dangerous Anatsa/Teabot trojan ejected from the store, we have even fake Play Store pages tricking users into high-risk installs.Now another threat has been outed, with Google confirming all the newly identified apps hiding a nasty new spyware have also been ousted from Play Store. This latest warning came courtesy of Lookout, which attributed the new KoSpy malware to the North Korean group APT37 [ScarCruft]. The team says the spyware can collect extensive data, such as SMS messages, call logs, location, files, audio, and screenshots. Its a North Korean team effort with evidence of infrastructure being shared with APT43 [Kimsuky]This latest warning clearly raises questions around the fences Google has erected around Play Store. Googles claim to be a protector of Android users security is falling short once again, per one news report this weekend. After recently removing several malicious apps from the Play Store, its clear that Google is still struggling to keep harmful spyware, like KoSpy, out of its ecosystem.The new malware attacks both English and Korean speakers, and seemingly dates back at least to early 2022 and is still in the wild now. KoSpy has been observed using fake utility application lures, such as File Manager, Software Update Utility and Kakao Security, to infect devices. The spyware comes with an impressive list of capabilities:"Collecting SMS messagesCollecting call logsRetrieving device locationAccessing files and folders on the local storageRecording audio and taking photos with the camerasCapturing screenshots or recording the screen while in useRecording key strokes by abusing accessibility servicesCollecting wifi network detailsCompiling a list of installed applications."While none of the identified apps remain on Play Store, they will be available elsewhere. KoSpy samples in Lookouts corpus masquerade as five different apps: (Phone Manager), File Manager, (Smart Manager), (Kakao Security) and Software Update Utility. If any are on your phone, delete them now."As well as KoSpy, you should remove any of the ad fraud and Anatsa apps (per links above), which Google has also confirmed have been deleted from the store. You should also ensure Googles Play Protect is enabled at all times on your device.In response to Lookouts report, Google told me the use of regional language suggests this was intended as targeted malware. Before any user installations, the latest malware sample discovered in March 2024 was removed from Google Play. Google Play Protect automatically protects Android users from known versions of this malware on devices with Google Play Services, even when apps come from sources outside of Play.Play Store spyware appLookoutGoogle is updating Play Protect to make it easier to pause its defenses to facilitate sideloading. As this new warning clearly illustrates, you should never do this unless youre absolutely sure of the legitimacy of the app youre installing and the source. As Ive warned before, sideloading itself puts you at risk and this new option is dangerous and needs handling with care. Youre driving at speed, but removing your seatbelt.A timely new report from UCL in London has just warned that some unofficial parental control apps have excessive access to personal data and hide their presence, raising concerns about their potential for unethical surveillance as well as domestic abuse, highlighting that sideloaded apps are much riskier than those on Play Store.The new study is the first to compare official parental control apps available in the Google Play Store and sideloaded or unofficial parental control apps available from other sources The team found that sideloaded apps were more likely to hide their presence from the phone user [and] require excessive permissions, including dangerous permissions such as being able to access personal data, like precise user location, at all times. None of which should come as a surprise.Of note, the report flags the exact issue with sideloading that comes from disabling or pausing Googles Play Protect. Disabling Google Play Protect leaves the device vulnerable to malware and viruses, which is not ideal, especially for childrens phones. However, 17 out of 20 sideloaded apps instruct the user to disable the feature, as otherwise the parental control app might be flagged as malicious and disabled by Google Play Protect. We tested how many of the sideloaded apps would be detected by Google Play Protect. In total, 13 apps were detected by Google Play Protect version 42.1.27-31, whereas seven were not considered to be harmful: Bark, EvaSpy, FlexiSpy, Spapp Monitoring, SPYX, TheOneSpy and TiSpy.This is just the latest report to highlight sideloading risks, which Google itself warns is dangerous. Whats interesting here is that parental control apps by their nature will ask for excessive permissions to operate. Its a boon for data harvesters to be able to operate in this way on your phone. But for apps in such a sensitive area to be able to lure users into installing, potentially disabling Play Protect in the process, is dangerous.While Samsung is hardening its devices against sideloading more than Google, the Android-maker has been more vocal on the dangers from installing apps from outside Play Store, notwithstanding this latest Play Protect change. All this is made more complex by current regulatory pressure on Google and Apple to open up their devices to app stores beyond their own.Google has long promised to eradicate such abuse, removing these apps from Play Store and monitoring on-device behavior. But all this remains work in progress. Multiple warnings last year highlighted just how rife such Play Store abuse remains.With even Samsung now set to release Android 15 with its One UI 7 release, attention will quickly turn to Android 16, which is due for release in June, a quarter ahead of the usual annual cycle. While this will put pressure on Android OEMs, it is good from a user perspective, bringing new security and privacy innovations. One of these will be Googles extension of its Advanced Protection Program, which will now add a flag for apps on an enrolled device to shore up security and will also block sideloading. Beta 3 of Androids next OS has just been released for Pixel users.In the meantime, we have confirmation this weekend that recent Samsung flagships at least should receive Android 15 before the end of April. This is critical as it brings new on-device capabilities to monitor app behaviors and flag threats in real time. Shifting from server-side only protection to more capable local defences is critical, given that apps can be coded to download threats onto a phone once installed, preventing detection. while going through their Play Store onboarding.These new live threat protections will apply to apps whether or not they come from Play Store, just as Play Protect now does assuming you dont disable it, of course.