In a recent discovery, two Android apps were found to be sending user data to China. These apps have been downloaded over 1.5 million times, and they pose a serious risk to the privacy and security of all their users.
These apps are- File Recovery & Data Recovery and File Manager and they are both disguised as file management apps. The threat was detected by cybersecurity firm Pradeo, which found that they were collecting a wide range of personal user data. Both apps are created by the same developer known as Wang Tom.
Source: Pradeo
This data was sent to servers in China. The firm stated “This week, our engine detected two spyware hiding on the Google Play Store and affecting up to 1.5 million users. Both applications are from the same developer, pose as file management applications and feature similar malicious behaviors.”
File Recovery & Data Recovery has been downloaded over 1 million times, while File Manager has been downloaded 500,000 times.
According to Pradeo's blog, these websites launch automatically without any user input and begin collecting user information, which is then sent to malicious servers in China.
Here is the list of sensitive data that is being collected by these apps:
- Contact lists
- Real-time location
- Country code
- Name of the network provider
- Media available in the application- images, audio and video
- Information about the device brand and model
- Network code of the sim provider
- Operating system version number, which can potentially expose the system to vulnerabilities, similar to the Pegasus spyware.
In addition to collecting information, these applications do not allow users to decline or modify the data that is collected. These apps also misguide the users by stating that they don’t collect any type of data.
While Google has removed these apps from its platform, it is still essential to safeguard your personal data. Here are some tips to help you stay safe:
- Only download apps from trusted sources: This means downloading apps from the official app stores, such as the Google Play Store or the Apple App Store.
- Be careful about what permissions you grant to apps: When you install an app, it will ask for certain permissions. These permissions allow the app to access certain data on your device, such as your location, contacts, or camera. Only grant permissions that are necessary for the app to function.
- Delete the unnecessary apps: Go to the settings of your device and delete the apps that you don’t use or the apps that don’t display permissions.
- Read reviews: It is essential that you read the reviews of an app before installing it so that you know how the application works and what data it is collecting.
- Scan your device for malware regularly: There are many security apps available that can scan your device for malware. This is a good way to check for any apps that may have been secretly installed on your device.
In conclusion, the two Android apps pose a serious risk to personal security. Google has removed them from the Google Play Store, but if you have already downloaded them, you should uninstall them immediately. It is important to be aware of the risks associated with inauthentic apps and to be selective about the apps you install on your devices.
-1754669337448.jpg)
Comments
All Comments (0)
Join the conversation