Popular apps with 1.5 million downloads discovered sending private data to China
Two very popular apps on the Google Play Store have been found to collect data and send it to China.
Researchers at mobile security firm Pradeo found that the two file management apps, which have a combined download count of 1.5 million, had the ability to launch without the device owner doing anything.
“This week, our engine detected two spyware programs hidden in the Google Play Store affecting up to 1.5 million users,” Pradeo said.
“Both applications are from the same developer, pose as file management applications, and exhibit similar malicious behavior.
“They are programmed to launch without user interaction and to silently leak sensitive user data to various malicious servers based in China.
“We have alerted Google of the discovery before publishing this alert.”
On the Google Play website, both apps stated that they do not collect data; however, Pradeo discovered that a number of data points were being collected and sent.
Pradeo stated that the applications collect and send:
- “User contact lists from the device itself and all connected accounts such as email, social networks…
- “Media collected in the application: images, audio and video content.
- “User location in real time
- “Mobile country code
- “Network provider name
- “SIM provider network code
- “Operating system version number, which can lead to vulnerable system exploitation like the Pegasus spyware did
- “Device brand and model.”
The first app, “File Recovery & Data Recovery”, had an install count of over 1 million, while the second, “File Manager”, had over 500,000. Both apps were uploaded by the same developer, Wang Tom.
Pradeo said developers use a number of “sneaky behaviors” to increase the app’s success, including creating a façade of legitimacy and reducing the user interaction needed to engage in malicious activity.
In the case of both applications in question, the developer also ensured that uninstallation was impossible. Users of the program can try to uninstall it, but it will remain active and invisible.
“It is common to believe that on a mobile device all applications are visible on the home screen,” said Pradeo.
“However, that is not the case and an app can simply hide its icon from general view.
“Both malicious programs use this technique to make them difficult to uninstall. To remove them, users need to go to the apps list in settings.”
Users are advised to download programs that have reviews, and to read those reviews before downloading. Additionally, organizations should “automate mobile device discovery” to offer users secure flexibility. This involves examining applications and denying them access to a device when they do not match the company’s security policy.