Dozens of Android apps have been found to be infected with a virus, it has emerged. The malware, named BadNews, has been discovered in 32 apps on the Google Play store, from four different developers.

The effected apps have been downloaded between two and nine million times, according to Google Play statistics – although not all of these downloads will be the malware-infected versions.

BadNews is reportedly able to trigger application download prompts and display fake messages, and is also capable of leaking the user’s phone number and device identifiers.

With millions at risk of serious security breaches, Android users are advised to check permissions in app settings and only download from trusted developers.

Subsequently Google, developer of the Android OS, publicly stated at a security conference that “it had no evidence that BadNews was playing a part in the distribution of SMS-borne frauds”, adding “we haven’t seen a single instance of abusive SMS applications being downloaded as a result of BadNews”.

The BadNews malware infestation was initially reported by mobile security company Lookout, and they still maintain that this is in fact malware.

Jeremy Linden, security product manager at LookOut recently was quoted by The Register as saying, “Our analysis confirms that BadNews does prompt the user to install a malware application,” but that it was written “to avoid detection”. This means that the malware generally stays inactive, but becomes active for only a few minutes at a time to make it harder to detect.

He continued, “There’s a high possibility that Google hasn’t seen it sending malware. We have systems that act like they’re infected clients, so they can sit on the malware networks and log malicious traffic. We are still seeing traffic from BadNews and we’re seeing an evolution of the code base.”

It seems freedom comes at a cost: while proponents of Android praise its openness, it’s this same quality that makes it easier for developers to insert malware within their apps. By contrast, iOS apps are manually tested by Apple before they make it into the app store to ensure they’re stable and virus-free.

Until Google Play decide to bring in some form of testing and approval, it seems Android users may be at greater risk.