A recent report by Indian technical website TOI revealed that a report from security research firm Pradeo claimed that two applications were loaded with more than 1.5 million downloads sending user data to China.
What are the two apps?
In a blog post, Radio said that both apps from the same developer "represent file management apps and have similar malicious behaviors" the apps in question are "File Recovery & Data Recovery" and "File Manager".
How do you “spy” apps on users?
According to Pradeo, these apps were programmed to be launched without user interaction, “and to silently leak sensitive user data towards various malicious servers based in China,” the two apps claim to not collect any data from users’ devices. Pradeo found that this was not accurate and that the apps were already collecting user data.
What kind of data did these apps collect?
Among the data collected by these were user contacts, photos, audio and video files, network provider name, OS version number, device brand and model, country code and more.
Pradeo has alerted Google about these apps but they are still in the Play Store, and users are advised to delete them if they install them, however, according to the code, these apps cannot be uninstalled easily, “Both malicious software uses this technology to make the uninstallation more difficult, to delete them, users need to go to the list of apps in Settings, “by radio.
Also, Pradeo has three security tips for downloading apps:
- Don’t download apps that don’t have any revisions while thousands of users.
- Reading reviews when there are any, they usually reflect the true nature of the applications.
- Read the permissions carefully before always accepting them.
