Because Google's policy for uploading applications to the Play Store is not very strict, many developers upload malicious applications and malware with the intention of stealing private data from a user's device. Most of the malware that exists in Google Play is simply an infected version of a legitimate application. The malware authors take a genuine application, decompile it, insert their own malicious components, and then recompile it in order to distribute it on app stores and infect users. This might sound complicated at first, but in reality it is a really simple thing to do.
Let's analyze how a malware author modifies a legitimate application in order to create an infected version of it. One of the easiest ways to do this is to write a simple malicious application and place all of its malicious activities in a service. Furthermore, we will add a broadcast receiver to the AndroidManifest.xml file so that a specified event such as the receiving...
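
From the defender's side, the modification described above leaves traces in the manifest, because the added service and broadcast receiver have to be declared there. The following added example (not code from the original text) compares the decoded AndroidManifest.xml of a trusted build with that of a suspect build and lists what was added; the sample manifests, component names and function names are constructed for illustration, and both manifests are assumed to be already decoded to plain-text XML.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"  # android:name attribute

# Constructed sample: manifest of the build obtained from the original developer.
TRUSTED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

# Constructed sample: same app with an extra service, receiver and permissions.
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name=".core.SyncService"/>
    <receiver android:name=".core.EventReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def manifest_inventory(xml_text):
    """Return (permissions, components); components maps (tag, name) -> intent actions."""
    root = ET.fromstring(xml_text)
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    comps = {}
    for tag in ("activity", "service", "receiver", "provider"):
        for node in root.iter(tag):
            comps[(tag, node.get(NAME))] = {a.get(NAME) for a in node.iter("action")}
    return perms, comps

def diff_manifests(trusted_xml, suspect_xml):
    """Report what the suspect manifest declares that the trusted one does not."""
    t_perms, t_comps = manifest_inventory(trusted_xml)
    s_perms, s_comps = manifest_inventory(suspect_xml)
    added = {k: v for k, v in s_comps.items() if k not in t_comps}
    return {
        "permissions": sorted(s_perms - t_perms),
        "services": sorted(n for (t, n) in added if t == "service"),
        "receivers": {n: sorted(a) for (t, n), a in added.items() if t == "receiver"},
    }

if __name__ == "__main__":
    print(diff_manifests(TRUSTED, SUSPECT))
```

A repackaged build is also signed with a different certificate than the original developer's, so a signer mismatch alongside added components is a strong indicator of tampering.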