Wolves in sheep’s clothing. It is frequent that Google Play, the official Google store for Android operating system apps, allows them to be hosted there applications more dangerous than they seem. Now security researchers have discovered a couple of them that can compromise your data, stealing it and sending it to China.
Malicious apps with 1.5 million downloads
Security researchers discovered dos file management malicious applications on Google Play with an install count of over 1.5 million between them and that collected user data that goes well beyond what is needed to deliver the promised functionality.
The apps, both from the same publisher named “wang tom”, can be launched without any user interaction to steal sensitive data and send it to servers in China. After informing Google, the two applications are no longer available on Google Play, as well as the developer account, but they are still present in APK repositories and/or you may still have them installed.
Despite the fact that their description in the Google application store did not include that they collect any user data from the device in the Data security section, the cybersecurity firm discovered the following data from the device on which they were installed:
- Contact list of users from device memory, connected email accounts and social networks.
- Images, audio, and videos that are managed or retrieved from applications.
- User location in real time.
- Mobile country code.
- Name of the network provider.
- SIM provider network code.
- Operating system version number.
- Make and model of the device.
Much of the data collected is not required for file management or data recovery functions. To make matters worse, these data is collected secretly and without obtaining the consent of the user. Reports from Pradeo’s behavioral analytics engine show that both spyware collect highly personal data from its targets to send it to a large number of destinations, mostly located in China and identified as malicious.
Fake file managers
One of them was named File Recovery and Data Recovery and, supposedly, it was used for the following: This app will try to help you recover deleted files from your phone, tablet or any Android device, it will search for deleted files on each device. The app also offers a free service to delete old files permanently using the algorithm to overwrite the file being deleted, preventing any other program from trying to restore it.”.
The other was called File Managerfrom the same developer, and this was its description. File Manager+ is a convenient and powerful file manager for Android models. It provides free, fast and multiple features. The user interface on the home page is clean and very easy to use. It allows you to operate with files and folders, network-attached storage, and cloud services like Dropbox and Google Drive in a concise way. Helps manage phone memory and remote cloud storage. Support a variety of common operations: open, find, browse directories, copy, paste, move, delete, rename, zip, unzip, download, bookmark, organize. File Manager+ supports several common file formats and media, including Android installation packages (apk)».