Mon | Jul 10, 2023 | 4:27 PM PDT

The Google Play Store, a widely trusted source for Android applications, has recently become a battleground for a concerning wave of spyware with ties to China. These apps, masquerading as file management tools, have stealthily compromised the devices of more than 1.5 million users.

Operating under the radar, these apps silently collect and transmit sensitive data to servers based in China, posing significant risks to user data security and privacy. 

Pradeo, the mobile security company that discovered these malicious apps, has released a report discussing the spyware lurking on the Google Play Store. Pradeo promptly alerted Google about the discovery, emphasizing the urgent need for action to protect users from these threats.

The two spyware apps identified by Pradeo are "File Recovery and Data Recovery," which had more than one million installations, and "File Manager," which had more than 500,000. Both apps were developed by the same entity.

While the spyware apps claimed not to collect any user data on their Google Play profiles, Pradeo's analysis revealed the exact opposite. These apps were harvesting an extensive range of personal information from users' devices without their knowledge or consent.

According to the report, the stolen data includes:

  • Users' contact lists from the device itself and from all connected accounts such as email, social networks…
  • Media compiled in the application: Pictures, audio, and video contents
  • Real-time user location
  • Mobile country code
  • Network provider name
  • Network code of the SIM provider
  • Operating system version number, which can lead to exploitation of a vulnerable system, as the Pegasus spyware did
  • Device brand and model

The report also notes that the sheer volume of data transmitted by these spyware apps, each performing over a hundred transmissions, was highly unusual and alarming.

Ted Miracco, CEO at Approov, shared his thoughts on this report with SecureWorld News:

"The security issues related to this story are deeply concerning, albeit not surprising. The most fundamental problem is the false sense of security that consumers and businesses have related to app stores like Google Play (and Apple's App Store) in terms of actually protecting devices and individuals from these malicious apps.

Both Apple and Google are actively promoting their security efforts at developer conferences, achieving record profits and sales while many of the apps available have huge discrepancies between their stated privacy policies and the actual information and data collected. These include both legitimate mainstream apps that bend the rules without apparent consequences, and malicious apps that engage in deceptive behavior, claiming not to collect data while secretly doing so.

The fact that the data is being sent to malicious servers in China compounds the gravity of the threat while making it extremely difficult for consumers and businesses to mitigate the repercussions and long-term damage that might occur from the stolen data. It also highlights the complex global nature of cyber threats and the importance of international collaboration in addressing such issues."

Pradeo's security alert sheds light on the alarming presence of spyware apps on the Google Play Store, compromising the privacy and security of millions of Android users. The discovery serves as a stark reminder of the evolving nature of cyber threats and the need for constant vigilance in the digital landscape. By following the recommended precautions and staying informed, users can mitigate the risks associated with such malicious applications and protect their personal information from unauthorized access.
