More than 200 apps in the Google Play Store had malicious advertising code that could cause a phone to display ads outside the app, direct users to websites and app store links, and even download new apps, according to the security firm Check Point.
Check Point says it reported the malicious apps to Google, which has since pulled them. Those apps had amassed nearly 150 million downloads before being removed, according to Play Store statistics.
Google did not respond to a request for comment. It’s hard to confirm whether all of the apps have actually been pulled since many of them have generic names and dozens of clones.
The malicious code made it into the apps by posing as legitimate advertising…