A report from security researchers at Symantec have found a large list of malicious apps on the Android Play Store that have been on the store before and removed by Google in the past. The bad part is the source code for the apps have not changed since the new uploads but the apps where only uploaded with a new name. This shows a flaw in how Google handles app submissions by not even checking for source code matches to apps that have been blocked in the past. Symantec also at the same time found 38 other malicious apps while looking for duplicate app uploads.
At the same time Lukas Stefanko a mobile security researcher from ESET has also detected another 15 malicious apps that made it on the Play Store with over 400K downloads and counting.
Uninstall these apps!
15 apps with more than 400k+ installs in total found on Google Play.
These apps can download additional payload and display + click on "invisible" ads. Everything is hidden from user's view. pic.twitter.com/Zb5wdnJY6G
— Lukas Stefanko (@LukasStefanko) May 10, 2018
This shows that even though Google is trying hard to keep bad apps off the Play Store they are not doing enough, or in some cases the basics.