Fake security apps tracking and harvesting user data on Google Play Store
Some 35+ malicious Android apps were found on the Google Play store flouting security rules, harvesting user data and tracking location. A security company reported that the apps advertised a wide range of security capabilities, such as saving battery, cleaning junk, locking apps, WiFi security and more.
These apps have some interesting names like Guardian Antivirus, Security Defender, Security Keeper, Smart Security, Deep Cleaner and more. The apps do perform these tasks, but at the same time they pile on unwanted advertisements, deceptively track user location and collect user data too.
Researchers say “the apps, once launched, would not actually appear on the device launcher’s list of applications, nor would their shortcuts pop up on the phone’s screen.”
What is even more interesting is that once an app is launched, it does not show up in the device launcher's list, nor does any shortcut appear on the home screen of the device. These malicious apps are designed in such a way that they hide the function and will not run on specific devices. This is most likely because the malware developers knew that if the apps were around on all devices, the chances of their getting busted were high. Google would have detected it anyway, so they didn't want to take chances.
If the user installs another app, the malicious app immediately alerts the user that the new app is suspicious and will eat up 10 GB of space. This prompts the user to delete a few other files on the device. These are just tactics the dubious apps use to appear legitimate. Security researchers found that the malware developers created false notifications to divert the attention of users. For instance, if a user clicked on a button to resolve the issue, a fake security alert would pop up saying the problem was resolved.
Besides the security alerts, users were bombarded with advertisements on nearly every action they performed. According to the renowned security company Trend Micro, “The aggressive ads show up during many different scenarios — for example, after the app sends notices to unlock the device screen or if the user is told to connect to a charger.” “The user is bombarded with ads with almost every action. It is clear that one of the main focuses of the app is ad display and click fraud.”
Users are also asked to sign and agree to an end-user license agreement (EULA) that describes the information that will be gathered and used by the app. However, the researchers said that the app abuses privacy since “the collection and transmission of personal data is unrelated to the functionality of the app”.
The users were asked to sign an agreement stating that the information gathered would be used by the app. Nevertheless, the apps never honored that agreement and went on to flout the rules and abuse user privacy. The apps collected a slew of user and device information and passed it on to a remote server. This included the MAC address, Android ID, brand, language, location, data about other installed apps, including their social media accounts, and finally the screen size.
The security company Trend Micro spotted the issue and informed Google, and the apps have since been removed from Google Play.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others. He holds prestigious certifications like OSWP, OSCP, ITIL. His goals in life are simple - to finish his maiden business venture on Cybersecurity, and then to keep writing books for as long as he possibly can and never miss a flight that makes the news.