Two Malicious File Management Apps Found on Google Play with Over 1.5 Million Installations
Two malicious file management apps have been found on Google Play with over 1.5 million installations in total. The first app was called File Recovery and Data Recovery (com.spot.music.filedate) and had at least a million installs, while the second application, called File Manager (com.file.box.master.gkd), had at least 500,000 downloads. Both have now been removed from the Google Play Store.
The apps were published by the same publisher (wang tom). Their description, in the Data Safety section, stated that they do not collect any user data, but this was a lie. In reality, the applications extracted a list of contacts from the device memory, as well as data on connected email and social network accounts, images, audio and video that had been manipulated or restored through the malicious applications, real-time user location, the mobile country code, the name of the telecom operator, the network code of the SIM provider, the operating system version, and the brand and model of the device.
The apps also hid their icons from the home screen to make them harder to find and remove. They could also abuse the permissions the user granted them during installation to reboot the device and run in the background.
Experts believe that the creator of these applications used emulators or bot farms to inflate the number of installations and increase the apps' popularity. This theory is backed up by the low number of reviews on Google Play, which clearly didn't match the apps' huge user base.
What Data Was Collected?
The two malicious file management apps collected a lot of user data, far more than they needed to function, and then sent the collected information to China. The data collected included a list of contacts from the device memory, as well as data on connected email and social network accounts, images, audio and video that had been manipulated or restored through the malicious applications, real-time user location, the mobile country code, the name of the telecom operator, the network code of the SIM provider, the operating system version, and the brand and model of the device.
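As an added illustration (not code from Pradeo or from the original article), the Python sketch below compares the permissions in a decoded AndroidManifest.xml with what an app declares in its Data Safety section, and checks for a boot-time receiver. The permission-to-category mapping, the sample manifest and the package name com.example.filemanager are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from real Android permissions to the data categories the article lists.
# Operator name, country/network codes, OS version and device model need no permission,
# so a manifest check cannot see them; those require dynamic or traffic analysis.
PERMISSION_TO_DATA = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.GET_ACCOUNTS": "email and social network accounts",
    "android.permission.READ_EXTERNAL_STORAGE": "images, audio and video",
    "android.permission.READ_MEDIA_IMAGES": "images, audio and video",
    "android.permission.READ_MEDIA_AUDIO": "images, audio and video",
    "android.permission.READ_MEDIA_VIDEO": "images, audio and video",
    "android.permission.ACCESS_FINE_LOCATION": "real-time location",
    "android.permission.ACCESS_COARSE_LOCATION": "real-time location",
}
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample manifest in decoded (text) form; not taken from either app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filemanager">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
    </intent-filter></receiver>
  </application>
</manifest>"""

def audit_manifest(manifest_xml, declared_categories):
    """Return (data categories reachable but not declared, starts_at_boot)."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    reachable = {PERMISSION_TO_DATA[p] for p in requested if p in PERMISSION_TO_DATA}
    undeclared = sorted(reachable - set(declared_categories))
    actions = {a.get(ANDROID + "name") for r in root.iter("receiver") for a in r.iter("action")}
    starts_at_boot = BOOT_PERMISSION in requested and BOOT_ACTION in actions
    return undeclared, starts_at_boot

if __name__ == "__main__":
    # A "no data collected" declaration is modelled as an empty list.
    print(audit_manifest(SAMPLE_MANIFEST, declared_categories=[]))
```

A non-empty first result means the app can reach data it claims not to collect; it shows capability, not proof of exfiltration, which still has to be confirmed by observing the app's behaviour.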
How Were the Apps Discovered?
Researchers at mobile threat company Pradeo discovered the two malicious file management apps on Google Play.