CNBC:

That cute cat wallpaper for your Android phone or free photo-editing software app you downloaded may be using your phone without your permission and running up fraudulent ad views, according to a recent report from online marketing firm eZanga.

EZanga used its Anura ad fraud protection software to look at one module from a software development kit (otherwise known as an SDK) that hides in apps, then activates to run advertisements and play videos while the user is not on their phone. While the person may be sleeping, the malware chews up bandwidth and battery life.

And:

A Google spokesperson said all apps submitted to Google Play are automatically scanned for potentially malicious code and spammy developer accounts before they are published. Google said it also recently introduced a proactive app review process, as well as Google Play Protect, which scans Android devices to let users know if they are downloading a malicious app. There is also Verify Apps, which warns about or blocks potentially harmful apps.

And:

Google Play did remove all the apps eZanga named in the study within a few weeks, Kahn said. However, when they looked after the study in early August for the same SDK module, they found 6,000 more apps online (not necessarily in the Google Play store) that contained a morphed version of the malware.

Sounds like there’s a hole in the review process. This is the number one thing that keeps me from buying an Android device.