Security researchers have discovered two spyware in the Google Play Store that have been installed by up to 1.5 million users. Both apps are from the same publisher and pose as file management applications. They have similar malicious behaviours such as launching silently without any user interaction. The apps also collect excessive user data even though their application profile announce that they do not collect any data from users’ devices. The data collected includes users’ contact lists from both the device and from all connected accounts such as email and social networks. It also collects all media compiled in the application, such as pictures, audio and video contents. It collects the device real time location along with other device and network information. The apps also protects itself from uninstallation by hiding its icon from the home screen. Security recommendations include checking the reviews before downloading and carefully reading the permissions the app is requesting before accepting them.
https://blog.pradeo.com/spyware-tied-china-found-google-play-store
This segment was created for the It’s 5:05 podcast