Updated: Friday, July 7, 2023, 17:21 [IST]
The world of mobile applications is a vast and diverse ecosystem, offering countless options to enhance our digital lives. However, this vibrant landscape is not without its dangers. Security researchers have recently made a significant discovery on Google Play, uncovering two file management applications that were found to be malicious.
These seemingly innocuous apps, originating from the same publisher, had amassed an astonishing 1.5 million installations. Their true objective was to gather excessive user data, surpassing the requirements for their advertised functionality.
The Silent Threat
What makes these apps particularly concerning is their ability to operate without any interaction or consent from the user. In other words, they work silently in the background, discreetly extracting sensitive data and transmitting it to servers located in China. Even after being reported to Google, these two malicious apps remained available on Google Play, posing a significant risk to users.
Unveiling the Malicious Apps
The first identified app, File Recovery and Data Recovery (package name “com.spot.music.filedate”), had over 1 million installs. The second app, File Manager (package name “com.file.box.master.gkd”), had amassed at least 500,000 installations. These apps presented themselves as tools for file management and data recovery, luring users with promises of enhanced functionality. However, their true purpose was far from benign.
The Discovery
The discovery of these malicious apps was made by Pradeo, a mobile security solutions company renowned for its expertise in combating mobile threats. Using their behavioral analysis engine, Pradeo uncovered the nefarious activities of these seemingly legitimate apps.
Interestingly, the Google Play entry for these apps claimed that no user data was collected from the device, as stated in their Data Safety section. However, Pradeo found irrefutable evidence to the contrary.
The Theft of Sensitive Data
The malicious apps were found to extract various types of data from the user’s device, including contact lists, pictures, audio, and video files managed or recovered within the applications. In addition, they surreptitiously obtained real-time user location, mobile country code, network provider name, network code of the SIM provider, operating system version number, and device brand and model.
While some of this data might have legitimate purposes related to performance and compatibility, the majority of it was unnecessary for file management or data recovery functions. The most alarming aspect is that all of this data collection occurred without the user’s consent.
Evading Detection and Removal
To compound matters, these two malicious apps took additional measures to evade detection and removal. They concealed their home screen icons, making them harder to locate and eliminate. Furthermore, they exploited the permissions granted by the user during installation to restart the device and run silently in the background. These tactics ensured that the apps remained hidden and continued their malicious activities undetected.
Artificial Inflation of Popularity
Pradeo speculates that the publisher behind these apps might have used emulators or install farms to artificially inflate their popularity and create an illusion of trustworthiness. This theory is supported by the disproportionately low number of user reviews on the Play Store compared to the reported user base.
Google’s Response
Google, in a statement to BleepingComputer, a cybersecurity-focused news website, officially acknowledged that the mentioned apps have been successfully removed from Google Play.
“These apps have been removed from Google Play. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play.”
Protecting Yourself
In light of this discovery, it is essential to take proactive steps to mitigate the risks associated with such malicious apps. Always check user reviews before installing any application, as they can provide valuable insights into the app’s reliability and security.
Pay close attention to the permissions requested during the installation process, and consider whether they are necessary for the app’s intended functionality. It is also wise to trust software published by reputable developers only, as they are more likely to prioritize user privacy and security.
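The permission review described above can be automated for triage. The following Python script is an added example, not code from Pradeo or the original article: it parses a permission dump in the style of `aapt dump permissions` output and flags a gap between a "no data collected" listing and what the app requests. The sample dump, the `com.example.filemanager` package, the `triage` function and the choice of which permissions count as unnecessary for a file manager are assumptions made for illustration.

```python
import re

# Package names the article reports for the two apps.
REPORTED = {"com.spot.music.filedate", "com.file.box.master.gkd"}
# Real Android permissions mapped to data types the article lists.
# Treating them as unnecessary for a file manager is this example's assumption.
DATA_PERMS = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
}
BOOT = "android.permission.RECEIVE_BOOT_COMPLETED"

PKG_RE = re.compile(r"^package:\s*(?:name=)?'?([\w.]+)", re.M)
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=)?'?([\w.]+)", re.M)

# Constructed sample for a hypothetical app, not a real manifest.
SAMPLE_DUMP = """\
package: com.example.filemanager
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
"""

def triage(dump, declares_no_data_collected):
    """Return the package name and a list of findings for one permission dump."""
    m = PKG_RE.search(dump)
    package = m.group(1) if m else None
    requested = set(PERM_RE.findall(dump))
    data = sorted({DATA_PERMS[p] for p in requested if p in DATA_PERMS})
    findings = []
    if package in REPORTED:
        findings.append("package name reported in the article")
    if data and declares_no_data_collected:
        findings.append("listing declares no data collected, but app can read: " + ", ".join(data))
    elif data:
        findings.append("data access beyond file management: " + ", ".join(data))
    if BOOT in requested:
        findings.append("can start itself after a device reboot")
    return {"package": package, "findings": findings}

if __name__ == "__main__":
    for line in triage(SAMPLE_DUMP, declares_no_data_collected=True)["findings"]:
        print(line)
```

A finding here is a prompt for manual review, not proof of malicious behaviour: requested permissions show what an app can access, not what it transmits.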
Copyright for syndicated content belongs to the linked Source : Gizbot – https://www.gizbot.com/apps/news/sending-data-to-china-these-apps-with-1-5m-installs-on-google-play-are-collecting-user-data-086193.html