According to Google, Tizi has similar capabilities to commercial spyware and after gaining root steals data from Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram.
It can also record calls from WhatsApp, Viber, and Skype, as well as access calendar events, call log data, contacts, photos, Wi-Fi encryption keys, and a list of installed apps.
Additionally, it can record audio when the user is not actively using the phone and take pictures without displaying the image on the screen.
The malware was used in targeted attacks, with the vast majority of infected devices located in Kenya, but there was also a significant number of infections in Nigeria and Tanzania.
One of the other Tizi-infected apps, for example, appeared to target people who would be interested in installing an app about the National Super Alliance, a Kenyan political coalition known as NASA. Another Tizi-infected app was a bogus system update.
Google shared the examples from VirusTotal to encourage security researchers to dig into this malware.
The company has suspended several developer accounts responsible for the Tizi-infected apps and has disabled the apps on affected devices using Google Play Protect. Google found 1,300 devices affected by Tizi.
The Twitter account spreading links to the MyTizi app was still today posting links to the now-removed Play Store page.
All devices with a security patch level of April 2016 or later are "far less exposed to Tizi's capabilities", according to Google.
Among nine vulnerabilities the Tizi apps use to root devices were the so-called Towel Root CVE-2014-3153, and Ping Pong Root CVE-2015-3636 flaws.
However, the patch for Pipe Root highlights the problem that Android users face, particularly for users who own cheaper and older devices.
Google quickly patched affected Nexus 5 and Nexus 6 devices, but it's likely many other Android OEMs did not follow suit.
The same problem applies to Google's Android monthly patches in general: Google and some larger handset makers such as Samsung and LG regularly provide monthly patches, but many handset makers make no commitment to do so.