A pair of popular Android apps that claim to be file management tools are actually spyware, and have been sending sensitive user data to servers based in China. The apps, both with more than a million combined downloads, were uncovered this week by cybersecurity firm Pradeo and reported to Google.
Both of the fishy apps, ‘File Recovery and Data Recovery’ and ‘File Manager’, claim in their privacy policies that they don’t collect any user data. Yet a behavioral analysis of the apps reveals that they do just that: they exfiltrate user data including contacts saved on the device; connected email and social network accounts; pictures, audio and video compiled within the apps; real-time user location; app usage history; and the device brand and model. The stolen information is then sent to multiple malicious servers, mostly based in China, Pradeo says.
The fact that the two apps are able to gather so much personal information without the user’s consent isn’t a surprise, but what makes this case different from other spyware in the Play Store is how aggressively it operates. “Unlike most other cases of data collection in the wild, which are often hidden away in the terms of service, these applications act as if they were legitimate services to gain traction and user trust,” the firm says in a blog post. “They do so by abusing the advanced permissions granted at install time to automatically restart, launch, and operate in the background. In addition, the apps hide their home screen icons to make it harder for users to find and uninstall them.”
The apps have also been found to abuse the “auto-update” feature in the Google Play Store, enabling them to send updates at a user’s discretion. And they are able to bypass standard security checks on the Google Play Store, allowing them to access phone settings, including Wi-Fi passwords, and even install malware on the user’s device.
These deceptive practices, coupled with the apps’ ability to steal a lot of sensitive data, are concerning for Android users, especially considering they are used by more than 1.5 million people. But the good news is that there are ways to protect yourself, including using a VPN when in public and staying away from apps with suspicious ratings and reviews.
Earlier this year, cyber-experts told The Sun that there are four red flags to always look out for on an Android phone. They include an excessive amount of permissions, a lack of reviews and unusually high download numbers. The most important thing is to be vigilant and check for these dangers before downloading an app. For more tips, check out the full article here.