Two spyware apps sending data to malicious servers detected on Google Play

Google Play began rolling out privacy-focused “feed labels” last year to help users know which data applications collect even before downloading them.

 

However, it appears that bad actors and developers have found a way around the system to steal user data.

 

According to analysts at mobile cybersecurity company Pradeo, two apps containing spyware that sends data to malicious servers were found on Google Play.

 

The company notes that more than 10 users are affected by the spyware-laden applications, and adds that the apps’ download pages stated they did not collect data.

 

In a blog post, the cybersecurity company said it had reported the discovery to Google. The two applications with spyware are “File Recovery and Data Recovery” and “File Manager”, both published by the same developer, named Wang Tom.

 

As the names suggest, the apps help users manage data and, in some cases, “retrieve files deleted from tablets on your phone or Android devices”. Users are advised to delete the apps if they are still using them.

 

The apps somehow got around Google Play’s system for declaring the data that apps collect. According to the post, “On the Google Play Store, both of the Apps’ profile declares that they do not collect any data from the user’s devices, which we find to be wrong information, and furthermore, declare that if the data is collected, users cannot be requested to delete it, which is contrary to most data protection laws such as the GDPR.”

 

The research company notes that the apps were collecting data including user contact lists from the device itself and from all connected accounts, real-time user location, mobile country code, network provider name, SIM provider network code, and device brand and form.

 

The spyware-laden Android apps probably passed Google Play’s security checks because they provide services that appear legitimate.

 

The research company suggests that users check reviews before downloading applications: in many cases, an application that shows a high number of downloads but no reviews should raise a red flag. The company also notes that users should “read permissions carefully before accepting them.”
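The mismatch described above, where a store listing declares no data collection while the app gathers contacts and location, can be checked by comparing an app's requested permissions with its declared data categories. The Python script below is an added illustration, not code from Pradeo or from the original article. It assumes the manifest has already been decoded to text XML; the sample manifest, package name and category labels are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permission names mapped to data categories named in the article.
# The category labels are this example's own wording (assumption).
PERMISSION_TO_DATA = {
    "android.permission.READ_CONTACTS": "contact list on the device",
    "android.permission.GET_ACCOUNTS": "connected accounts",
    "android.permission.ACCESS_FINE_LOCATION": "real-time location",
    "android.permission.ACCESS_COARSE_LOCATION": "real-time location",
}

# Constructed sample manifest; NOT taken from the apps in the article.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filemanager">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the sorted, de-duplicated permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return sorted(names)


def audit(manifest_xml, declared_categories):
    """Flag sensitive permissions whose data category the listing does not declare.

    Returns (findings, has_network): findings is a list of (permission, category);
    has_network says whether the app could send that data off the device.
    """
    perms = requested_permissions(manifest_xml)
    findings = [(p, PERMISSION_TO_DATA[p]) for p in perms
                if PERMISSION_TO_DATA.get(p, "") not in declared_categories | {""}]
    return findings, "android.permission.INTERNET" in perms


if __name__ == "__main__":
    # A listing that declares "no data collected" is modelled as an empty set.
    undeclared, has_network = audit(SAMPLE_MANIFEST, set())
    for permission, category in undeclared:
        print(f"undeclared: {permission} -> {category} (network access: {has_network})")
```

A permission request alone does not prove collection; a finding here marks an app whose listing deserves a closer look.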

 

Notably, last year the same research company discovered a “caricature painter” app with more than 1 lakh downloads that stole users’ Facebook credentials.

 

Researchers discovered a Trojan horse called FaceStealer within the animation app. The Trojan displays a Facebook login screen that asks users to log in before they can access the app’s home page; after the credentials are entered, the app steals the information and sends it to a malicious server.