If you have a recent Android phone, then 2025 is the year your device locks down. There is a serious risk that apps you use daily will stop working. And if you have an older device, then it may be even worse. Google is finally cracking down on the scourge of malicious apps that plague its ecosystem, and the impact should be severe.
Sideloading apps from outside Play Store is such a core part of Android’s DNA that many users will rally hard against such changes. As Android Police puts it, “these tighter security measures protect average users from malicious apps but risk alienating power users, amateur developers, modders, and enthusiasts who depend on Android’s flexibility… the backlash to these changes quickly becomes apparent.”
But Google has little choice. Android’s open ecosystem is its Achilles heel. And so it is with the latest spyware warning that has just been issued. Another dangerous app mimicking a regular one is putting users at risk. This new malware was reported by Cyfirma at the turn of the year, but it has only just been picked up now.
“FireScam,” the researchers warn, “is a sophisticated Android malware masquerading as a Telegram Premium app… The malware performs extensive surveillance… exemplifying the advanced tactics used by modern malware to evade detection, execute data theft, and maintain persistent control over compromised devices.”
First, the app you need to avoid or delete is “Telegram Premium,” an app cloaked in the look and feel of the real billion-user messenger. The dropper package is “GetAppsRu.apk.” This is yet another example of copycat apps using phishing lures to trick users into installing or updating popular, trusted apps from outside the regular ecosystem—you must never do that. Chrome, Facebook, WhatsApp and similar apps should always be installed and updated from within the Play Store.
According to Cyfirma, the malicious app comes by way of a phishing website, with links likely pushed out by email and message. “The malware exfiltrates sensitive data, including notifications, messages, and other app data, to a Firebase Realtime Database endpoint. FireScam monitors device activities such as screen state changes, e-commerce transactions, clipboard activity, and user engagement to gather valuable information covertly. Cyfirma adds that “by exploiting the popularity of messaging apps and other widely used applications, FireScam poses a significant threat to individuals and organizations worldwide.”
Clearly, you need to delete this app if you have it. But that’s not really the point. Android 15 marks a sea change for Android and its users, as Google narrows the gap to iPhone. We have already seen a cull of low-quality, high-risk apps on Play Store and now live threat detection and various mechanisms to stop apps being sideloaded have also been deployed. These even include changing the behaviors of legitimate apps sourced from outside the official app store when on devices.
Google is also changing its Play Integrity API from May. This goes further and even enables a developer to restrict its app if the OS on a device is older than Android 13. This will hit as many as 750 million users with older phones as the ecosystem tightens. “These restrictions,” Android Police says, “disproportionately affect users who prefer to control how they use their devices, chipping away at one of the defining reasons many choose Android.” And that’s the crux here.
Lookout’s recent mobile threat report flagged five of the seven “most critical threat families” as spyware. For mainstream users, Android’s mandate to know what you’re doing or too easily fall foul of malicious tricksters is a huge threat. Which is why Android has always carried its dangerous tag when compared to iPhone. Both Google and Samsung are pushing back now, and these changes won’t be reversed.
