
Popular apps with 1.5m downloads discovered sending private data to China

Two massively popular apps found on the Google Play Store have been discovered to be collecting and sending data to China.

Daniel Croft
Fri, 07 Jul 2023

Researchers from mobile security firm Pradeo discovered that the two file management apps, which have a joint download count of 1.5 million, had the ability to launch without action by the device owner.

“This week, our engine detected two spyware hiding on the Google Play Store and affecting up to 1.5 million users,” Pradeo said.

“Both applications are from the same developer, pose as file management applications and feature similar malicious behaviours.

“They are programmed to launch without users’ interaction and to silently exfiltrate sensitive users’ data towards various malicious servers based in China.

“We have alerted Google of the discovery before publishing this alert.”

On their Google Play listings, both apps stated that they collect no data; however, Pradeo found that a number of data points were being collected and sent away.

Pradeo stated the apps collect and send off:

  • “Users’ contact lists from the device itself and from all connected accounts such as email, social networks …
  • “Media compiled in the application: pictures, audio and video contents
  • “Real-time user location
  • “Mobile country code
  • “Network provider name
  • “Network code of the SIM provider
  • “Operating system version number, which can lead to vulnerable system exploit like the Pegasus spyware did
  • “Device brand and model.”

The first app, “File Recovery & Data Recovery”, had an install count of over 1 million, while File Manager had over 500,000. Both apps were uploaded by the same publisher, wang tom.

Pradeo said that the developers use a number of “sneaky behaviours” to increase the success of the app, including creating the façade that the app is legitimate and requiring less user interaction to engage in malicious activity.

In the case of both apps in question, the developer also ensured that uninstallation was impossible. Users of the program can attempt to uninstall the program, but it will remain active and invisible.

“It is common to believe that on a mobile device, all applications are visible on the home screen,” said Pradeo.

“Although, that’s not the case, and an application can simply hide its icon from the general view.

“Both of these malware use this technique to make their uninstallation harder. To delete them, users require going to the application list in the settings.”

Users are advised to download programs that have reviews and to read those reviews before downloading. Organisations, in addition, should “automate mobile detection” so that users are offered secure flexibility. This involves screening applications and denying them access to a device when they don’t match the business’s security policy.
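As an illustration of that kind of screening, the following added example (not from Pradeo or the article) checks a decoded AndroidManifest.xml against a simple policy built from the behaviours described above: sensitive permissions that contradict a "no data collected" listing, a boot-time start, and a missing launcher icon. The permission-to-category mapping, the function names and the sample manifest are assumptions made for this sketch.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping from Android permissions to the data categories in the article.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.GET_ACCOUNTS": "connected accounts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "media",
    "android.permission.READ_PHONE_STATE": "SIM and network identifiers",
}
BOOT = "android.intent.action.BOOT_COMPLETED"
LAUNCHER = "android.intent.category.LAUNCHER"

def names(root, parent, child):
    """Collect android:name of every <child> nested under any <parent>."""
    return {c.get(NS + "name") for p in root.iter(parent) for c in p.iter(child)}

def screen_manifest(manifest_xml, declares_no_data):
    """Return sorted policy findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(NS + "name") for p in root.iter("uses-permission")}
    findings = set()
    if declares_no_data:  # store listing claims nothing is collected
        findings |= {"undeclared access: " + SENSITIVE[p] for p in perms & SENSITIVE.keys()}
    if BOOT in names(root, "receiver", "action"):
        findings.add("starts at boot without user interaction")
    launchers = names(root, "activity", "category") | names(root, "activity-alias", "category")
    if LAUNCHER not in launchers:
        findings.add("no launcher icon")
    return sorted(findings)

# Constructed sample manifest (hypothetical package, not one of the reported apps).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.filetool">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application>
    <activity android:name=".Main"/>
    <receiver android:name=".OnBoot"><intent-filter>
      <action android:name="android.intent.action.BOOT_COMPLETED"/>
    </intent-filter></receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in screen_manifest(SAMPLE, declares_no_data=True):
        print("DENY:", finding)
```

A manifest-only check misses icons hidden at runtime and data access added through later updates, so it complements on-device detection rather than replacing it.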

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
