In some unfortunate news, the Google Play Store has unveiled yet another mischievous duo hiding in its digital realm. A leading cybersecurity company called Pradeo was the one to make the discovery. After detecting this illicit behavior, Pradeo immediately alerted Google, and the apps were removed from Google Play. Researchers at Pradeo found that two malicious apps contained spyware and have been secretly sending Android users’ private data to servers in China. Here’s what we know so far and what you can do if you have these apps downloaded to your device.
What are these apps, and what did they do?
The two apps were posing as file management tools and had collectively amassed over 1.5 million downloads. The two apps are called File Recovery & Data Recovery and File Manager, both from the same developer. Each app was meant to be a way for Android users to help organize files and data on their phones. Both of the apps also stated that no data collection occurs under their watch.
What did these malicious apps collect and share with China?
The Pradeo report found that these apps actually collected reams of private user information and shared it with China without people’s knowledge, including contact lists, media files, real-time locations, mobile country codes, network provider details, SIM provider network codes, operating system versions, device brands, and models.
The deceptive tactics of the hackers behind the two apps
The hackers behind these apps also made it look like they were trustworthy by using install farms to artificially inflate the number of downloads they had. By inflating the download count, they create an illusion of trustworthiness, making potential victims more likely to install their apps. Plus, each app also had advanced permissions to allow them to hide their icons on an Android Home Screen, so it’s more difficult to uninstall them. This further aids the hackers in maintaining their presence on a victim’s device, increasing the potential for unauthorized access or malicious activities.
Google’s response to the apps on the Google Play Store
We reached out to Google for a comment about the two malicious apps that were discovered on the Google Play Store, and a Google spokesperson had this to say:
These apps have been removed from Google Play. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play.”
What if I have these apps on my Android?
You can remove the apps yourself, but Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices. You can follow these quick steps to get rid of these malicious apps on your own.
Have antivirus software on all your devices
Read my review of best antivirus protection software here
Settings may vary depending on your Android phone’s manufacturer
- Go to your Settings app
- Tap Apps & notifications or just Apps
- Tap See all apps
- Scroll down and find the app you want to uninstall
- Tap the app and then tap Uninstall
- Hit Ok
MORE: ANDROID USERS AT RISK AS BANKING TROJAN TARGETS MORE APPS
How can I avoid this from happening in the future?
There are a few steps that you can take before downloading a new app to your phone, and you should always be careful before doing so, even if it’s from a legit source like the Google Play Store or the App Store. Here are some of my tips.
Read the reviews and privacy policies
This is one of the most important steps you can take before downloading an app. You want to make sure that you understand exactly what kind of permissions an app has before giving over your personal information, and make sure you’re also thoroughly reading reviews. Look for specificity in those reviews because sometimes hackers will post generic, fake reviews to make an app look legit when it’s not. It also wouldn’t hurt to do some research on the app developer to see if they’re legit.
Be skeptical of app clones
Sometimes, cybercriminals create fake or cloned versions of popular apps to trick you into downloading malware. Pay attention to app names, developer names, and reviews to ensure you’re downloading the legitimate version.
Trust your instincts
If something feels off about an app, trust your gut instincts. If an app seems suspicious, has poor reviews, or exhibits unexpected behavior, it’s best to err on the side of caution and avoid downloading or using it.
MORE: HOW TO SAFELY WIPE YOUR IPHONE OR ANDROID CLEAN WHEN REPAIR ISN’T AN OPTION
Kurt’s key takeaways
Unfortunately, hackers successfully trick innocent people into downloading these malicious apps, which is why we always have to stay vigilant and research everything before we download it to our phones and tablets. Let’s keep our guard up and remember that a few moments of precautionary research can save us from the endless headaches caused by these cunning hackers and their nefarious apps.
What more could app stores be doing to prevent malicious apps like these from sending our private data to foreign countries like China? Let us know by commenting below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Related: