Pradeo researchers discovered two apps in Google Play Store that were collecting excessive data from users’ devices and transporting them to China.
The two apps masquerade as File Manager and data recovery software and had more than 1.5 million installs before being removed by Google. Researchers also noted that these apps hide their home icons to evade detection and removal options.
Stealing Data and Sending to China
A report from researchers at a mobile security solutions company, Pradeo, notes two Android apps from Google Play Store – with combined installs of over 1.5 million – are stealing sensitive data from users.
The apps – File Recovery and Data Recovery (com.spot.music. file date) and File Manager (com.file.box.master.gkd) were reportedly gaining more permissions than necessary, even after listing that they won’t collect sensitive data. Researchers said the apps could launch without any interaction from the user and send the following data to servers in China;
- Users’ contact list from on-device memory, connected email accounts, and social networks.
- Pictures, audio, and video that are managed or recovered from within the applications.
- Real-time user location
- Mobile country code
- Network provider name
- Network code of the SIM provider
- Operating system version number
- Device brand and model
Though the apps have legitimate reasons to collect some of the above information, it doesn’t need all of them – and has been collecting them secretly. And to make things worse, Pradeo says the two apps hide their home screen icons – leaving no option for users to remove the apps.
All the reviews and installations the app garnered on Play Store were likely from emulators or install farms, say researchers. Well, Google removed the said apps from the Play Store after reporting but warns users to be vigilant as always. Yet, anyone who have already installed these apps should manually remove them from Settings > Apps, and run a security scan to remain safe.
