[ad_1]
Which are the two apps?
In a blog post, Pradeo said that its both applications are from the same developer, “pose as file management applications and feature similar malicious behaviours.” The apps in question are “File Recovery & Data Recovery” and “File Manager”.
How did the apps ‘spy’ on users?
According to Pradeo, these apps are programmed to launch without users’ interaction, “and to silently exfiltrate sensitive users’ data towards various malicious servers based in China.”
The two apps claim that they do not collect any data from users’ devices. Pradeo found that this was inaccurate and that the apps were indeed collecting user data.
What is the kind of data that these apps collected?
Among the data collected by these were users’ contacts, pictures, audio and video files, network provider name, OS version number, device brand and model, country code and more.
Pradeo has alerted Google about these apps but they still exist on the Play Store. Users are advised to delete them if they have installed them. However, as per the blog, these apps aren’t easily uninstalled. “Both of these malware use this technique to make their uninstallation harder. To delete them, users require going to the application list in the settings,” said Pradeo.
Also, Pradeo has three security tips for downloading apps:
- Do not download applications that do not have any reviews while thousands of users.
- Read reviews when there are any, they usually reflect the applications true nature.
- Always carefully read permissions before accepting them.
[ad_2]
Source link