The Legend of Zelda and dirty tricks by Android apps in the Google Play store

reader Mark W got in touch with us after he installed a “Legend of Zelda” game on his Android smartphone from the Google Play marketplace:

"Dammit, I might have been done. Downloaded an Android version of Zelda, didn't check the permissions for once and was only alerted by some aggressive ads on my notifications bar."

Android security expert Vanja Svajcer of SophosLabs investigated, and quickly stumbled across the following suspicious app in the Google Play store. (It has since been removed by Google)

Bogus App on Google Play

Sign up to our free newsletter.
Security news, advice, and tips.

Remember, of course, that Nintendo doesn’t create official versions of its popular Legend of Zelda games for any non-Nintendo platform. So anytime you see a Zelda game being hawked for the PC, Macintosh, Android or iOS system it’s almost certainly illegitimate.

In this case, the app is an open source N64 emulator packaged with an old game ROM. As such, it clearly represents theft of Nintendo’s intellectual property.

However, if you didn’t care about helping Nintendo with its current business problems, maybe you would install the app regardless.

Icons on the Android

In this case, you can see that the app has added two icons to the Android phone’s home screen. One claiming to be a shoot-the-terrorist game, and the other to something calling itself “Top Offers”.

These icons are, in reality, just shortcuts to web links. Whoever is behind the application that installed the icons is hoping that Android users will click on them and to display advertising.

Here are six of the icons that we found the app could install onto users’ home screens – clearly designed to represent YouTube, Game of the Day, iTunes, and assorted Nintendo characters.

Shortcut icons

Whoever created the illegitimate Zelda app is probably hoping you are going to click on one of those icons..

Here is the “Counter Terrorism” app, as linked to in the previous example. Again it resides on the official Android Google Play market. It claims to be a first-person shooter in the style of “Call of Duty” or “CounterStrike”:

Fake Counter Terrorism App on Google Play

Like the bogus Zelda game, it is designed to install shortcuts using misleading icons onto your home screen, and bug you with advertising from several different advertising frameworks (Google Ads, Leadbolt, Airpush, Mobox and Sellaring).

There’s nothing wrong with ad-supported apps, of course. That’s a legitimate business model. But there’s something very shady about taking the hard work of others (or indeed their intellectual property) and trying to make a quick buck out of it by installing irritating shortcuts and revenue-generating adverts.

It appears whoever is behind these apps hasn’t stopped with games. Here are some other Android apps that we found in the Google Play store, all seemingly up to the same shady practices.

For instance, the MP3 Music Download Free app claims to use code from Ringdroid – an Android open source project designed to help you create your own ringtones, and alarm noises.

MP3 music download app on Google Play

And this one – Star Chart Free – claims to use the open source code of the StarDroid sky-mapping app.

Star chart app on Google Play

There are genuine apps with similar names, and it appears that these dodgy icon-installing apps have been created purely to trick users into installing them.

In a nutshell, we have Android applications in the official Google Play market which take widely available open source code, modify it (without acknowledging that they have altered it in their market description), and add an excessively aggressive advertising framework to pimp and promote similar apps.

Sophos products are detecting the apps as Andr/Adop-A.

It can’t go without saying that it seems extremely unlikely that Apple would ever have allowed these apps to have entered its App Store for iPhones and iPads. Once again, the freedom offered by the Google Android market is being abused.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.