As part of an effort to help users better understand what data an app collects before downloading it, Google Play introduced privacy-focused "nutrition labels" last year. However, researchers have found that the system can be worked around to steal user data. In an article released by Pradeo, a mobile cybersecurity company, cybersecurity analysts reported discovering two such apps on Google Play.
These spyware apps send data from users' Android devices to malicious servers based in China. According to the firm, more than ten lakh users globally are affected by the spyware-laden applications, even though the apps' download pages claim that they do not collect user data.
According to a report released by Google Play Store security analysts, two apps that appear to be file management apps but are spyware have been discovered. 1.5 million Android users risk compromised privacy and security as a result. Hence, you must remove these apps from your Android phone as quickly as possible.
Pradeo, a mobile cybersecurity company that offers mobile security products, announced this week that File Recovery & Data Recovery and File Manager have been flagged as malicious. Both apps are produced by the same developer, and they are programmed to launch without requiring the user to do anything. Sensitive user information is quietly sent to servers in China.
File Recovery & Data Recovery has been downloaded more than one million times. Screenshots of the apps' Play Store pages in Pradeo's report show that about 500,000 people installed File Manager.
As outlined in their blog post, after analyzing both spyware apps, the researchers determined that both collected personal data from their targets and sent it to many servers located mainly in China. It is essential to note that these apps are considered malicious and are said to threaten users' privacy and security.
Data that has been stolen includes the following:
- Contact information is collected by the apps via the device itself and connected accounts, such as email and social media accounts.
- The apps also collect pictures, audio files, and videos saved on your device.
- By tracking the user's location, spyware can retrieve his or her current position.
- The apps collect the mobile country code, network provider name, and SIM code of the SIM provider, among other variables.
- The operating system version number is captured. This could potentially be used to exploit vulnerabilities, similar to the Pegasus spyware incident.
- Spyware can record the model and brand of the device it targets.
The apps may have a legitimate reason for gathering some of the information above, such as ensuring smooth performance and compatibility with updated devices. However, most of the information gathered is not required to manage files or recover data. Unfortunately, this data is collected secretly, without the user's consent.
Moreover, Pradeo has added that the home screen icons of the two apps are hidden, which makes them harder to find and remove from your device. The apps can also misuse the permissions the user approved during installation: they can restart the device and launch in the background without the user's knowledge.
Pradeo speculates that the developer used emulators or install farms to create a false impression of trustworthiness and to increase the apps' popularity. This hypothesis is supported by the fact that there are few user reviews on the Play Store compared with the reported number of users.
It is always recommended to check user reviews before installing an application, to pay attention to the permissions requested when installing it, and to trust only applications created by reputable firms.
This whole incident serves as a stern reminder of the persistent cyber tug-of-war, in which malicious actors constantly advance their methods. Every user must exercise caution in this digital minefield, especially when downloading apps and navigating them.
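The permission check recommended above can be scripted. The following is an added example, not code from Pradeo's report: it reads the "requested permissions" block that `adb shell dumpsys package <package>` prints and reports which of the data categories listed in this article a supposed file manager could reach. The package name, the sample output, and the permission-to-category mapping are constructed assumptions.

```python
import re

# Assumed mapping from Android permissions to the data categories named in
# the article; this grouping is the example's own, not Pradeo's methodology.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.GET_ACCOUNTS": "connected accounts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_PHONE_STATE": "SIM / network details",
}
BOOT = "android.permission.RECEIVE_BOOT_COMPLETED"
NETWORK = "android.permission.INTERNET"

# Constructed sample in the layout of `dumpsys package` output.
SAMPLE = """\
  Package [com.example.filetool] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_EXTERNAL_STORAGE: restricted=true
      android.permission.READ_CONTACTS
      android.permission.ACCESS_FINE_LOCATION
      android.permission.RECEIVE_BOOT_COMPLETED
    install permissions:
      android.permission.INTERNET: granted=true
"""

def requested_permissions(dumpsys_text):
    """Return the permission names in the 'requested permissions:' block."""
    perms, in_block = set(), False
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_block = True
        elif in_block:
            # Entries look like 'name' or 'name: restricted=true'.
            m = re.fullmatch(r"([\w.]+)(?::.*)?", stripped)
            if not m:
                break  # next section header ends the block
            perms.add(m.group(1))
    return perms

def audit_file_manager(dumpsys_text):
    """Flag data a file manager does not need, plus boot and network access."""
    perms = requested_permissions(dumpsys_text)
    excess = sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})
    return {
        "excess_data": excess,
        "starts_at_boot": BOOT in perms,
        "sensitive_plus_network": bool(excess) and NETWORK in perms,
    }

if __name__ == "__main__":
    print(audit_file_manager(SAMPLE))
```

A file manager that only requests storage permissions produces an empty `excess_data` list and `False` for both flags.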
Do not forget to read the permissions of all apps before granting them access to the device as they will always ask for your permission. Further, your security software must be updated, and you should use a secure and complex password. Lastly, it is imperative to remain vigilant against phishing attempts and never click on suspicious links.