According to Lion Gu, a senior threat researcher with the Tokyo-headquartered IT security vendor, the fact that these stores are on Chinese domains is no surprise as the Android operating system is also becoming more and more popular in China.
Many users, he says, choose to use Android-based devices because of their powerful functions, various phone types, reasonable prices, and plenty of applications.
“This growth of Android users in China, however, seems to do little for the rocky relationship between Google and the Chinese government. It has been reported that access to the Google Android Market has been intermittent since 2009”, he says in his latest security posting.
In fact, adds Gu, access to the Android Market was blocked in China for three days during October, although this inconvenience in is not one experienced by users from other countries.
Early third-party app stores, he goes on to say, were founded as an online forum for some Android fans. The fans discussed topics about the OS, and also released a few applications in the online forum. After the Android Market became inaccessible to China-based users last year, the forums became popular among Android developers and users.
With the number of Android users growing so quickly, he notes, many have chosen to participate in the app store field. There are about 20 Chinese third-party app stores right now. Currently, the top three third party app stores are Hiapk, Gfan, and Anzhi (aka Goapk).
“Most applications in the stores are free. Developers make money from advertisement embedded in their applications”, he says, adding that he and his team have seen that most malicious applications coming from China are found in those stores.
“The reason is pretty obvious: these stores are the best way to deliver malicious applications to a multitude of end-users”, he explained.
The bad news, the Trend Micro senior threat researcher goes on to say, is that aside from malicious applications, repackaged applications and pirated applications are also hosted in these stores.
“As most of the app stores in China are relatively small by global comparison, the resources required to maintain effective levels of application monitoring and testing are not available. This leaves them open to a greater likelihood of hosting malicious applications. It is therefore up to the individual user to attempt to ensure a sufficient level of security of their device, the first step of which is to be vigilant in only downloading and installing trustworthy apps”, he concludes.