The Legend of Zelda and dirty tricks by Android apps in the Google Play store

Filed Under: Android, Featured, Malware, Mobile

Naked Security reader Mark W got in touch with us after he installed a "Legend of Zelda" game on his Android smartphone from the Google Play marketplace:

"Dammit, I might have been done. Downloaded an Android version of Zelda, didn't check the permissions for once and was only alerted by some aggressive ads on my notifications bar."

Android security expert Vanja Svajcer of SophosLabs investigated, and quickly stumbled across the following suspicious app in the Google Play store. (It has since been removed by Google)

Bogus App on Google Play

Remember, of course, that Nintendo doesn't create official versions of its popular Legend of Zelda games for any non-Nintendo platform. So anytime you see a Zelda game being hawked for the PC, Macintosh, Android or iOS system it's almost certainly illegitimate.

In this case, the app is an open source N64 emulator packaged with an old game ROM. As such, it clearly represents theft of Nintendo's intellectual property.

However, if you didn't care about helping Nintendo with its current business problems, maybe you would install the app regardless.

Icons on the Android

In this case, you can see that the app has added two icons to the Android phone's home screen. One claiming to be a shoot-the-terrorist game, and the other to something calling itself "Top Offers".

These icons are, in reality, just shortcuts to web links. Whoever is behind the application that installed the icons is hoping that Android users will click on them and to display advertising.

Here are six of the icons that we found the app could install onto users' home screens - clearly designed to represent YouTube, Game of the Day, iTunes, and assorted Nintendo characters.

Shortcut icons

Whoever created the illegitimate Zelda app is probably hoping you are going to click on one of those icons..

Here is the "Counter Terrorism" app, as linked to in the previous example. Again it resides on the official Android Google Play market. It claims to be a first-person shooter in the style of "Call of Duty" or "CounterStrike":

Fake Counter Terrorism App on Google Play

Like the bogus Zelda game, it is designed to install shortcuts using misleading icons onto your home screen, and bug you with advertising from several different advertising frameworks (Google Ads, Leadbolt, Airpush, Mobox and Sellaring).

There's nothing wrong with ad-supported apps, of course. That's a legitimate business model. But there's something very shady about taking the hard work of others (or indeed their intellectual property) and trying to make a quick buck out of it by installing irritating shortcuts and revenue-generating adverts.

It appears whoever is behind these apps hasn't stopped with games. Here are some other Android apps that we found in the Google Play store, all seemingly up to the same shady practices.

For instance, the MP3 Music Download Free app claims to use code from Ringdroid - an Android open source project designed to help you create your own ringtones, and alarm noises.

MP3 music download app on Google Play

And this one - Star Chart Free - claims to use the open source code of the StarDroid sky-mapping app.

Star chart app on Google Play

There are genuine apps with similar names, and it appears that these dodgy icon-installing apps have been created purely to trick users into installing them.

In a nutshell, we have Android applications in the official Google Play market which take widely available open source code, modify it (without acknowledging that they have altered it in their market description), and add an excessively aggressive advertising framework to pimp and promote similar apps.

Sophos products are detecting the apps as Andr/Adop-A.

It can't go without saying that it seems extremely unlikely that Apple would ever have allowed these apps to have entered its App Store for iPhones and iPads. Once again, the freedom offered by the Google Android market is being abused.

, , , ,

You might like

3 Responses to The Legend of Zelda and dirty tricks by Android apps in the Google Play store

  1. " seems extremely unlikely that Apple would ever have allowed these apps to have entered its App Store for iPhones and iPads."

    These apps, perhaps, but are you telling me there really isn't anything like this in the App Store? Like, i dunno, the link right above this text box to an article about Fake iOS apps?

  2. bsod · 1223 days ago

    I think the author was simply referring to the more aggressive vetting process Apple go through before allowing apps on to the app store. The chances of an iOS device being infected with malware from a bogus app is a lot lower /almost zero. Of course if the iOS device is jailbraked then all bets are off and it is as susceptible to malware as any android device from apps downloaded from non apple app stores. Of course a non jailbroken iOS device is still suspectible to iOS holes that could be exploited by malware until such time as Apple release updates to plug the holes. No platform is 100% secure which is a sad enditement on the it industry, but Apple (and possibly Microsoft) may have the more secure model than Android currently does. My 2cworth anyway.

  3. Thomas · 944 days ago

    Yes, but android has a sort of do it you self secutiy, app can't do things (other then to it self)with out your permission in install., Really as long as you always look the the permisson on the app befor installing you should be fine. Other tips include doing reserach, becarful of apps with no reviews and apps with no press releses.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley