Google has banned around 29 beauty camera apps on the Play Store as it was discovered that these apps were sending users pornographic content, redirecting users to phishing websites and also stealing their private pictures.
Some of these Android apps have been downloaded millions of times and a large number of the download counts originated from Asia -- particularly in India.
Most of the 29 removed apps went out of their way to disguise their malicious nature.
An investigation carried out by security researchers at US-based cyber security firm, Trend Micro, found these apps displaying full-screen pop-up ads that linked to explicit content, while some went to the length of downloading a paid media player, and redirect to websites that collected phone numbers and addresses of users.
The apps also used tactics to ensure that they cannot be analysed.
As per the blog post, one of the tactics used by apps promising to let users edit and “beautify” their photos involved having them upload their photos to a server, and then responding with a fake prompt about needing to update. Instead of actually returning edited photos, the developers were able to collect users' photos for other purposes.
First, several of these beauty camera apps were “accessing remote ad configuration servers that can be used for malicious purposes,” says the security firm. The analysis shared by Trend Micro shows that most users would not realise that something was wrong with the apps until they wanted to delete the app.
All 29 apps removed claimed to be camera or photo-editing related, with the top three — Pro Camera Beauty, Cartoon Art Photo, and Emoji Camera, each getting over 1 million downloads. Other popular apps that were removed include, Artistic Effect Filter, Selfie Camera Pro and Horizon Beauty Camera, with each over 1,00,000 downloads.
The apps have now been removed by Google from the Play Store.
Some of these Android apps have been downloaded millions of times and a large number of the download counts originated from Asia -- particularly in India.
Most of the 29 removed apps went out of their way to disguise their malicious nature.
An investigation carried out by security researchers at US-based cyber security firm, Trend Micro, found these apps displaying full-screen pop-up ads that linked to explicit content, while some went to the length of downloading a paid media player, and redirect to websites that collected phone numbers and addresses of users.
The apps also used tactics to ensure that they cannot be analysed.
As per the blog post, one of the tactics used by apps promising to let users edit and “beautify” their photos involved having them upload their photos to a server, and then responding with a fake prompt about needing to update. Instead of actually returning edited photos, the developers were able to collect users' photos for other purposes.
First, several of these beauty camera apps were “accessing remote ad configuration servers that can be used for malicious purposes,” says the security firm. The analysis shared by Trend Micro shows that most users would not realise that something was wrong with the apps until they wanted to delete the app.
All 29 apps removed claimed to be camera or photo-editing related, with the top three — Pro Camera Beauty, Cartoon Art Photo, and Emoji Camera, each getting over 1 million downloads. Other popular apps that were removed include, Artistic Effect Filter, Selfie Camera Pro and Horizon Beauty Camera, with each over 1,00,000 downloads.
The apps have now been removed by Google from the Play Store.