ISIS Forums Worry Hackers Are Targeting Their Android Downloads

And they're not wrong to feel afraid

Mar 28, 2016 at 6:00 PM ET

Google has long warned against opening unauthorized Android apps. Now ISIS has gotten the message, too.

The safest way to download a new application to an Android phone or tablet has long been Google’s Play Store. It’s not perfect, but new apps uploaded through it are scanned with a malware detector called Google Bouncer, designed to reject software that could harm users.

That’s not much of a problem for most people: The Play Store has millions of apps available for download. But it’s an issue for ISIS affiliates, who have created several propaganda apps. As a rule, ISIS apps don’t get approved on Google’s distribution platform, so supporters have to share those files individually as an Android Application Package (APK), essentially a way to download an app without using an authorized app store. 

Earlier in March, the private ISIS forum Shumukh al-Islam warned users, in Arabic, against downloading Android apps not authorized by “official” ISIS media organizations. It took care to point out the real link for the al-Bayan Radio app—the “official” ISIS radio app.

Underneath, one user asked how to tell what a “faked app” is and how to check for it. “There are many dangers,” another responded, and warned to watch for apps that seemed to want to suss out their users’ personal information when it shouldn’t need it. “Most of the apps ask for authorization, access to pictures and videos and contacts and sometimes for you location,” the responder wrote. “[It’s like how] the Viber and Facebook and Google products can enter your phone and take whatever they want.”

On Sunday, security journalist Joseph Cox posted a tongue-in-cheek tweet about using a malicious Android Application Package to hack jihadis.

ISIS-affiliated forums took it seriously. An influential Telegram channel called Information Security, which frequently posts amateur tips for followers to protect themselves online, screengrabbed Cox’s tweet, writing: “Warning: Wired news reporter suggests hacking jihadists by sending infected Android APK apps in taking control of the devices. Beware installing Android applications from n e location on the internet except from official sources.” By nature, ISIS Telegram channels are ephemeral, as the company frequently shuts them down. But by Monday, the message had been shared in at least ten other ISIS channels and forums.

Malicious apps can cause a host of problems, including sharing information stored on your phone with hackers, and they can be extraordinarily hard for an average user to remove. And simply avoiding unauthorized apps isn’t even a perfect solution. In January, Google removed 13 potentially malicious apps from the Play Store. Some of those apps, once downloaded, were even programed to go back to the Play Store to write themselves great reviews, encouraging others to become infected.