More than 500 Android apps, collectively downloaded over 100 million times from the Google Play store, could have been used to secretly distribute spyware to users, thanks to a malicious advertising SDK (software development kit). Mobile apps — especially free ones — commonly use advertising SDKs to deliver ads to their customers through existing advertising networks, thereby generating revenue.