Pradeo security researchers have discovered two Android apps harboring spyware that collects all device data and sends it to China. Problem: they are still available on the Google Play Store…


It bears repeating: be careful with the apps you install on your smartphones and tablets, even when they come from official stores like the Play Store. Despite its promises and its efforts, Google still lets through apps containing more or less dangerous malware. Further proof comes from Pradeo, a French company specializing in cybersecurity. Its experts have just discovered that two relatively popular applications, which have accumulated some 1.5 million downloads, were hiding powerful spyware that literally siphoned the content of the devices on which they are installed and sent it to servers located in China. All of this, of course, without the knowledge of their users. The worst part is that despite being reported to Google, these two malicious apps were still available on the Play Store on July 6, 2023, ready to claim new victims! So what is Mountain View doing about it?

Published by the same developer, a certain Wang Tom, the two offending applications present themselves as simple utilities: File Recovery claims to specialize in file management, while File Recovery & Data Recovery is dedicated to data recovery. Practical and innocent tools, at first glance. What is more, their Play Store listings state that they do not collect any data from users’ devices.

© Pradeo

But that is false! On closer inspection, we learn that “if data is collected, users cannot request its deletion”, which is contrary to most data protection laws, in particular the European GDPR. More importantly, the two apps exhibit very similar malicious behavior. As the researchers explain in their publication, these two apps are “programmed to launch without user interaction and silently exfiltrate device data to various China-based malicious servers.” No less!


Some of the information collected may seem harmless (brand and model of the device used, country code of the telephone network, name of the telephone operator, code of the SIM card supplier, etc.), but the list of personal data that the apps insidiously recover is enough to make anyone shudder: the list of contacts in the device and of all the user’s connected accounts (mail, instant messaging, social networks, etc.), photo, video and audio content, and even the location of the user in real time! It is hard to imagine what this kind of eminently sensitive information and content can become in the wrong hands: from espionage and blackmail to identity theft and the draining of bank accounts, everything seems possible…

While we do not know the identity or the real intentions of the (pseudo) creator of these spy apps, we hope that Google will react quickly to the alert raised by Pradeo. And if, unfortunately, you have already installed these rogue applications, remove them from your devices immediately, check all your accounts and change your passwords without delay!
