Popular apps sending pictures and other information to China – check your phone now!

While the Play Store is generally a trusted source for downloading Android apps, malicious apps occasionally manage to infiltrate the marketplace. Recently, two suspicious apps called File Recovery & Data Recovery and File Manager were discovered on the Play Store.
According to cybersecurity company Pradeo, these apps were developed by the same creator and were downloaded by 1.5 million users. Though they masquerade as file management apps, they are actually spyware that covertly transmit user information to servers based in China.
File Recovery and Data Recovery was downloaded over a million times, while File Manager was installed by 500,000 people. Despite claiming not to collect any data from smartphones, Pradeo confirmed that this was a false statement.

Equally concerning is the fact that these apps do not delete collected data upon user request, which violates data protection laws.

Pradeo’s analysis revealed that the apps gather personal data such as:

  • Contacts stored on the device
  • Email and social media contacts
  • Pictures, audio, and videos stored within the app
  • User’s real-time location
  • Country code
  • Name of the network provider
  • Operating system version number (possibly for exploiting vulnerabilities)
  • Device model
Most of this information is unnecessary for file management and data recovery operations. Additionally, the apps do not seek user permission to collect this data. They also conceal their home screen icons to make removal difficult. Alarmingl, both apps transmit data over a hundred times.

File Recovery & Data Recovery and File Manager employ a sneaky tactic to carry out successful attacks, where they restart the victim’s device and operate in the background.

As reported by Bleeping Computer, these apps were recently removed from Google Play. If you have them on your phone, it is advisable to delete them immediately. If you can’t find them on the home screen, go to the app list in settings to uninstall them.

 

Reference

Denial of responsibility! TechCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
Denial of responsibility! TechCodex is an automatic aggregator of Global media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, and all materials to their authors. For any complaint, please reach us at – [email protected]. We will take necessary action within 24 hours.
DMCA compliant image

Leave a Comment