Popular Android Camera Apps Found Spying On Users

[steven36]

Researchers have found numerous popular Android camera apps stealing users’ data and spying on them.

 

Android Camera Apps Caught Spying

Reportedly, team CyberNews has caught numerous Android camera apps spying on users. These apps also include some popular beauty-filter applications with a large number of downloads as well.

 

As elaborated in their blog post, these apps that apparently provide fun to the users, secretly scrape their data. Consequently, the developers behind these apps use this data for monetization.

In brief, they noticed around 30 of the most popular camera apps with millions of downloads, seemingly belonging to the same or similar developers, involved in spying activities. As discovered, these apps seek dangerous permissions to access unnecessary details. These include access to contacts, GPS location, coarse location, and access to read and write files on the device, apart from the anticipated permissions to access camera and microphone.

 

Some of the noteworthy apps making to this suspicious app list include BeautyPlus – Easy Photo Editor & Selfie Camera, Selfie Camera – Beauty Camera & Photo Editor, HD Camera Selfie Beauty Camera, and B612 – Beauty & Filter Camera. The complete list of all suspicious, yet popular, camera apps is available in the researchers’ report.

How The Apps Abuse Exfiltrated Data

The main purpose of all the data exfiltration through these apps is for monetary gain. The more data these developers gather from the users, the more money they will make.

As explained by the CyberNews,

Location-sharing agreements between app developers and app brokers – where apps can send your GPS coordinates up to 14,000 times per day – can bring in a lot of revenue. With just 1,000 users, app developers can get $4/month. If they have 1 million active users, they can get $4,000/month.

Doing a little math reveals that a popular app boasting, for instance, 10 million users, can even make $80,000 per month. Albeit, the apps in the study boast an even larger number of users.

Moreover, this mode of income is simply in addition to the conventional activity of displaying ads, something to which many users are now immune.

The researchers reiterate practicing caution for the safety of the users’ privacy.

These are non-essential apps that seem to be quite risky. Therefore, we recommend that you practice caution on deciding whether or not to download these apps at all.

Source

[xkryptonx]

Android offer control of apps permission since android 5. It means that app will ask for user permission before gaining access to a particular setting / hardware. However that has been bypassed by many apps. The only way to fully control app behavior on android root and sometime Xposed framework is required to control / change per-app setting, granting / revoking certain permission(s) and see in real time a certain app is having access to which feature. Xposed module such as "AppsOpsXposed" (supports upto android 6.0) and XprivacyLua can help user review what an app is having access to. However rooting itself can put a device in danger, Their can cases in which root can be exploited. Also certain banking apps won't run even when you hide root cloak (my banking app won't even when the root is cloaked) That was the reason i used to stick to Symbian smart phones during the days of android 2.2 unless upgrade become inevitable and necessary. I am an android user since the days of Samsung S2. I hope google would address this issue(s) and make the necessary amendments. Otherwise most of android users are sitting ducks when it comes to threats like these.

[Guest]

No response from Google about this? Even from the developers?

Previously, Google will de-list these problematic apps once identified from security researches and their in-app Play Protect and only reinstate these apps once issue is fixed.