These Android apps could be sending your data to China without you knowing

Two file management apps on the Android platform, with more than a million downloads combined, were actually infostealers that were sending harvested sensitive data to unknown entities in China.

Cybersecurity researchers from Pradeo uncovered and reported the apps, which were called File Recovery & Data Recovery, and File Manager. Both are built by the same developer, and while the former has roughly a million downloads, the latter has around 500,000. 

Since then, Google removed the apps and reminded its users of the existence of Play Protect:

“These apps have been removed from Google Play. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play,” the company said in its announcement.

The apps displayed classic malware behavior: they harvest more data than they need to properly function, they hide their icons from the home screen so that users can’t easily find and remove them, and they don’t communicate clearly what they’re doing.

In this particular case, the data that was being exfiltrated to a server in China includes:

  • Users’ contact list from on-device memory, connected email accounts, and social networks.
  • Pictures, audio, and video that are managed or recovered from within the applications.
  • Real-time user location
  • Mobile country code
  • Network provider name
  • Network code of the SIM provider
  • Operating system version number
  • Device brand and model

Furthermore, Pradeo found the apps abusing given permissions in order to restart themselves when the endpoint is rebooted. 

Analysis: Why does it matter?

Data is the “oil” of the 21st century. It’s being used by most companies to generate personalized offers, get more insight into user/customer behavior, and generate new revenue streams. In the last couple of years, as many companies started harvesting user data


Android apps with over 10 lakh downloads found with spyware sending data to China

By Abhik Sengupta: Google Play started rolling out privacy-focused “nutrition labels” last year to help users know what data apps collect even before downloading. However, it appears that bad actors and developers have found a way to dodge the system to steal users’ data. According to analysts at the mobile cybersecurity company Pradeo, two apps on Google Play were found with spyware sending data to malicious servers based in China. The firm notes that over 10 lakh users are affected by the spyware-laden apps. It added that the apps’ download pages stated they didn’t collect data.

In a blog post, the cybersecurity firm states that it has alerted Google of the discovery. The two apps with Chinese spyware are “File Recovery and data recovery” and “File Manager.” Both are published by the same developer, named “Wang Tom.” As the names suggest, the apps help users manage data and, in some cases, “retrieve deleted files from your phone tablets, or any Android devices.” Users are advised to delete the apps if they are still using them.

As mentioned, the apps somehow sidestepped Google Play’s rule requiring apps to declare the data they collect. The post reads, “On the Google Play Store, both the above-mentioned applications’ profiles announce that they do not collect any data from user’s devices, which we found to be false information. Furthermore, they announce that if data was collected, users could not request it to be deleted, which is against most data protection laws like the GDPR.”

The research firm suggests that these apps were collecting data, including users’ contact lists from the device itself and from all connected accounts, real-time user location, mobile country code, network provider name, network code of the SIM provider, and device brand and model.

The spyware-laden Android apps likely passed the


Over 1.5 million Android users downloaded spyware apps that are sending data to China

Delete these apps NOW! More than 1.5 million Android users downloaded spyware applications that are scraping data and sending it to China

More than 1.5 million Android users are at risk from Chinese hackers after two spyware apps were found in the Google Play Store.

Anyone with the apps File Recovery & Data Recovery and File Manager is being urged to delete them from their devices manually, as they are scraping personal information.

This data includes contact lists, pictures, videos and real-time user location. 

Cybersecurity firm Pradeo made the discovery and reported the malicious apps to Google – the tech giant has since removed them.

Security researchers have uncovered two spyware apps on Google Play that send user data to China - and more than 1.5 million Android owners downloaded them


Wang Tom is listed as the developer of both apps, whose listings state that they do not collect users’ data.

However, Pradeo found this to be false upon a deeper analysis.

Pradeo also revealed that the two apps hide their home screen icons, making finding and removing them more difficult. 

The apps, updated at the end of June, also abuse the permissions the user approves during installation to restart the device and launch in the background.

And the publisher likely bloated the popularity of the apps to get more attention on Google Play, BleepingComputer reports.

Pradeo found the apps can scrape contact lists connected to email accounts, social networks and those stored on the device.

Users’ pictures, audio and video are also vulnerable, along with their location, mobile country code and network provider name. 

Cybersecurity firm Pradeo made the discovery and reported the malicious apps to Google. This data being collected includes contact lists, pictures, videos and real-time user location.
