Google Play
Privacy Invasion: Apps Boasting 1.5M Downloads on Google Play Channel Your Data to China

In a recent revelation, security experts have exposed two malicious file management applications on Google Play that have collected user data excessively. This shocking breach of privacy goes beyond what is required for the stated functionality of the applications. These two apps, which originate from the same developer, reportedly siphoned off sensitive user information and redirected to servers in China. The two apps are still available on Google Play, despite reports made to Google.

Unmasking the Apps – Privacy Breach

The malicious applications, named File Recovery and Data Recovery, appear on devices as “com.spot.music.filedate”. The total installation count for these two apps stands over an alarming 1.5 million, with File Recovery accounting for at least 1 million and File Manager tallying at least 500,000. Identified on devices as “com.file.box.master.gkd,” these apps were discovered by the behavioral analysis engine of Pradeo, a mobile security solutions company.

Discrepancy in Data Safety Claims

Interestingly, the Google Play descriptions of these apps claim that they do not harvest any user data from devices. However, an investigation by Pradeo has proven otherwise.

Unauthorized Data Access

Pradeo’s findings have uncovered a wide array of data that the mobile applications secretly exfiltrate from devices. This data includes:

  • Contact lists from device memory, linked email accounts, and social networks
  • Images, audio, and video managed or recovered by the applications
  • Real-time location of the user
  • Mobile country code
  • Name of the network provider
  • Network code of the SIM provider
  • Operating system version number
  • Device brand and model

While some of this data could be justified for ensuring optimum performance and compatibility, most of the collected data isn’t essential for the functionality of these file management or data recovery applications. Moreover, this data is secretly extracted without the user’s consent.

Stealth Tactics for Privacy Invasion

Further findings from Pradeo illustrate how the apps conceal their home screen icons, making them challenging to locate and remove. They also exploit the permissions granted by the user. It is during installation to restart the device and operate in the background damaging privacy.

Suspicious Popularity

The applications’ developer is suspected of using emulators or install farms to artificially inflate their popularity, thereby making the apps appear more reliable than they are. This hypothesis gains traction when considering the disproportionately small number of user reviews on the Play Store compared to the reported user base.

In light of these revelations, it’s crucial to review user feedback before app installation. Be cautious about the permissions requested during setup, and only rely on software published by reputable developers. The recent exposure of these invasive apps is a stark reminder of the importance of online privacy and data security.