Apple & Google Clamp Down On Chameleon Gambling AppsDavid Burgundy | 30 Sep 2019
Cyber security specialists Trend Micro recently reported to both Google and Apple that they had discovered hundreds of ‘chameleon apps’ in their stores that were actually facilitating illegal gambling. The two giants of the tech world have both since removed all of the products that were pointed out. The software was apparently loaded onto the App Store and Google Play Store using fake descriptions and masking the actual content until they were downloaded.
The mobile threat analysts working for Trend Micro ran several checks in both app stores and discovered that both had hundreds of chameleon apps. They found a large number that looked like they were normal content, such as weather or entertainment apps. However, once downloaded, it was obvious that they were actually for real money gambling. Many of these apps appeared to be aimed at the Chinese market where many forms of gambling are illegal.
Strict Real Money Gambling Policies
Both Google and Apple were quick to announce that these chameleon apps had been removed. Both companies have been seriously clamping down on their regulations for real money gambling or apps that include an element of this. They are not completely disallowed on the platforms. However, they do have to follow certain guidelines in order to be allowed.
Firstly, neither company will allow a gambling app to be used in a region where the developer or distributor doesn’t have the rights to operate, or where digital gambling is banned all together. Secondly, the uploader has to give a full description of the product to ensure that the App Store or Google Play Store can double check whether or not it is allowable in the regions they wish to operate.
How Do Chameleon Apps Work?
It’s at the description phase where developers can turn their software product into chameleon apps. They give a description that is completely fake, and hides the true nature of the product. This includes a faked list of functionality, and even fake screenshots and videos. It is only once the software is downloaded and opened that the real money gambling elements appear.
Some of these fakes even have what Trend Micro referred to as a switch feature. This is a piece of code that makes the gambling elements completely dormant and undetectable during the review process. The dangerous or banned content is essentially switched off until it is successfully uploaded onto the platform. The code then reactivates the elements that are banned once it detects that the software has been downloaded onto a device.