Android owners are being warned over fears millions of devices may have been infected by adware from apps on the Google Play store.
SophosLabs have pinpointed 47 apps that use a third-party library which overwhelms users with ads that are displayed even after the app is force-stopped.
The UK-based researchers said Google has removed some of the privately reported apps while others still remain.
The Android apps that continuously pops up ads have been downloaded up to six million times, according to SophosLabs.
The apps include the MarsDae library which spawns the pop-up torrents.
It supports Android versions 2.3 through to 6, as well as Samsung, Huawei, Mizu, Mi, and Nexus devices.
SophosLabs gave one app, Snap Pic Collage Color Splash, as an example of a Google Play app that incorporates MarsDae.
It has been downloaded from Google Play more than 50,000 times.
Once the app is installed, it causes pop-up ads to appear on the user’s home screen.
Even if you go into the system settings and force stop the app, the ads will resume after a few seconds.
The Snap Pic Collage Color Splash has since been taken off the Google Play store.
SophosLabs outlined how the apps continue causing ads to appear on Android 5 and 6.
Once dropped on an these versions of Android, the MarsDae library repeats a series of steps to keep the ads running.
SophosLabs said the following happens:
• It runs code that kicks off a number of processes
• It creates a file, then locks it
• Each process creates another file. For example, Process A creates a2 and repeatedly checks if Process B has created file b2, and vice versa
• If Process A finds file b2, it means Process B has started and locked file b1. Process A can delete file b2. Process B will do the same thing for file a2
• Process A keeps monitoring the lock status of file b1 while Process B monitors file a1. If any file is unlocked, it means the related process is dead. Then anther process can restart it again
SophosLabs added: “As clever as…