Google has removed apps linked to the GhostAd adware operation from the Google Play Store, following reports of excessive battery and data usage for Android users. The removal comes after Check Point researchers identified the adware, which was embedded in utility and emoji-editing apps.
Background on GhostAd
GhostAd disguised itself within about 15 apps, some of which gained significant traction—one reaching the second position in Google Play’s Top Free Tools category. These apps ran a hidden advertising engine that continued operations even when closed or after a device reboot. Symptoms included persistent pop-up ads, vanishing app icons during uninstallation, and a noticeable decrease in device performance, leading to user frustration.
User Guidance
Google has confirmed the removal of the compromised apps from its store as of 2025-11-30. However, any apps previously downloaded remain on user devices. Users must manually uninstall these apps to fully mitigate the impact of GhostAd. Check Point recommends examining reviews, verifying developer reputations and scrutinizing app permissions to avoid such issues in the future.
Industry Implications
This incident highlights the potential for legitimate Software Development Kits (SDKs) to be exploited for malicious purposes, blurring the lines between aggressive marketing and malware. It pressures developers and marketplaces to implement stricter controls and vetting processes to protect consumers from similar threats. As the digital ecosystem grows, vigilance remains necessary to guard against such deceptive practices.
