Android User Warning: Here Are 24 ‘Dangerous’ Apps With A Dark Secret—And 382 Million Installs

[steven36]

Hidden within the all too frequent reports of malware-laced apps and adware lurking on Google’s Play Store, there is an ominous theme—networks of Chinese developers sharing code, resources and know-how. And it’s this that’s behind the latest warning from VPNpro in a new report claiming that a large, government-linked Chinese company is “secretly behind 24 popular apps seeking dangerous permissions.” And while such apps are often dismissed as a nuisance, the team warns that these ones may be involved in “much more malicious behaviour.”

 

These new findings came to light when VPNpro delved further into the Chinese networks it found to be behind popular VPN products on the store—I’ve reported before on the VPN developers in China and Hong Kong. One of those companies, it says, is especially worrying. Hi Security, VPNpro claims, requests particularly dangerous permissions within its VPN apps. And so the team says it decided to investigate, finding links to a Chinese company called Shenzhen HAWK that is “secretly” behind Hi Security as well as four other app developers.

 

In combination, those five developers are responsible for 24 apps which have accumulated more than 382 million installs from the Play Store. “Some of those apps,” VPNpro says, “are known for containing malware and rogueware.”

 

Shenzhen HAWK is a subsidiary of TCL Corporation, a huge and partially state-owned Chinese electronics corporation that has licensed branded manufacturing rights from Alcatel, BlackBerry and HP/Palm. A year ago, ZDNet reported that TCL was responsible for the malware-laced Weather Forecast app that was preinstalled on Alcatel smartphones, and which “surreptitiously subscribed device owners to premium phone numbers behind their backs.”

 

But this, it now seems, is just the tip of the iceberg when it comes to this network of dangerous apps, threatening hundreds of millions of Android devices. Virus Cleaner, another of the Hi Security apps, was the subject of an Indian government warning in 2017, identified as hiding “spyware or other malware.”

 

I contacted Google and provided them with details of the apps before publishing—since then, most of the apps have been removed from the Play Store.

 

I also contacted TCL ahead of publication—anything received will be added here.

 

In its report, published today (February 3), VPNpro maps out the Shenzhen HAWK network—the five linked developers and those 24 apps.

 

"Apps secretly owned by Shenzhen HAWK

 

 

VPNpro provided me with a list of the 24 apps and their APKs, claiming that as at January 31 all but two (Super Battery and Dig It) were still available to download and install from the Play Store.

 

Google has now removed a further 17, leaving just 5 available. Where those apps are installed, VPNpro recommends “users take matters into their own hands—deleting them from phones as soon as possible.”

 

The breadcrumbs leading to Shenzhen HAWK’s network of apps are not hard to follow, VPNpro reports. On its own website, the company lists 13 apps from five developers. Those five developers are behind the 24 apps disclosed by VPNpro.

 

 

 

 

So are users genuinely at risk? Well, let’s take a look at the permissions these mostly trivial apps request when they are installed—this is the key to the level of access users are granting to their digital secrets. In short, the risks users open themselves up to are predicated on the permissions they provide.

 

Of the 24 apps listed in the report, six request access to a user’s camera and two to the phone itself, meaning they can place calls. 15 of the apps can access a user’s GPS location and read data on external storage, while 14 can collect and return details of a user’s phone and network. One of the apps can record audio on the device or its own servers, another can access a user’s contacts.

 

You get the point.

 

Once installed, these apps can communicate with an external server controlled by their developers. By retrieving location and user details, the lowest risk is that this fuels targeted marketing, with user data sold to advertisers who will then be able to personalise unwanted ads for those users. Those servers are in China, and at least one of those apps—Weather Forecast—was reportedly sending user data there. The permissions granted would enable premium calls to be made, websites to be visited and additional malware to be dowloaded onto a device.

 

And this is the crux for users. Forget the apps themselves. Once a device is compromised, the door has been unlocked and left ajar. It is trivial for an app to trigger the install of others and even to determine the best type of malware for the specific device, based on language, location, even user behaviours.

 

Please give due care and attention to the apps from unknown developers that you allow onto your devices. These risks are real. The permissions being requested are real, as are the past issues with malware and data theft.

 

For its part, Google is working to combat the dangers on the Play Store, and in establishing the App Defense Alliance with third-party security research firms, the U.S. giant seems to be taking this issue seriously. But right now, the onus remains on the user community to be cautious and to apply common sense to their downloads and installs, just as they do with the websites they visit and the email or message attachments they open.

 

As VPNpro warns, “apps that seem innocent may actually be reading and changing your files, selling your data, or much worse—remember, you are the last line of defence against malicious software.”

 

Needless to say, if you have any of those 24 apps installed on your phones you should delete them and all of their data right away.

 

Source

[funkyy]

Just another reason why I have never had and will never have a mobile phone. The curse of the 21st century.

[x3r0]

On 2/4/2020 at 12:39 PM, funkyy said:

Just another reason why I have never had and will never have a mobile phone. The curse of the 21st century.

I used to think like this... Dunno why I don't want an smartphone. But my trusty Siemens M65 still looks appealing to me... Until I'm surrounded by friends, jobs, etc. They keep asking why they need to call me directly instead of using "free" call using Whatsapp or etc, SMS when they can use "free" messaging apps... Losing touch and out of loop because not having Facebook, Instagram, LinkedIn etc, but this is one is personal I guess.

 

Then comes the mandatory needs to use online transportation. Sure the old, classic transportation still exists, but sometimes, my work force me to use Grab or online taxi so I can claimed the fee later, they will not accept otherwise. Buying things through online shopping - I agree some stuff is better to buy at a shop, eg. guitar, etc., but sometimes, the only way I can buy it, is through the online shop "apps" from smartphones.

 

The point is, if your environment still offers many choices to live without smartphones - it's okay NOT to have one. Otherwise you'll see yourself to blend in with the crowds, or move to other places.

 

[funkyy]

@x3r0 Yep, everything you say is correct. Also in emergency situations a mobile phone is great, or if you just want to check that someone is on their way to meet you as agreed. There are many good reasons/uses for mobiles. Unfortunately there's also the "addiction" that some folk have to the damn things. They interrupt you with unimportant calls/messages when you're busy or just sitting relaxed watching TV. My wife has a mobile, and she's always using it, receiving "funny" videos from family, chatting with one of her many groups on WhatsApp etc etc.

When I go for a walk, I like the peace and quiet, feeling the sun on my face and looking at my surroundings....not staring at a piece of plastic and tapping on a keyboard....and stepping in front of an oncoming car!!! I actually pulled her back one day as she almost did just that.

I survived all those years of my youth when mobiles didn't exist,

so I guess I'll survive the rest of my life just the same....any way "can I borrow your phone...it's an emergency" still exists!!!

[Karlston]

On 2/6/2020 at 3:48 AM, funkyy said:

There are many good reasons/uses for mobiles. Unfortunately there's also the "addiction" that some folk have to the damn things. They interrupt you with unimportant calls/messages when you're busy or just sitting relaxed watching TV. My wife has a mobile, and she's always using it, receiving "funny" videos from family, chatting with one of her many groups on WhatsApp etc etc.

 

Spot on!

 

I use my mobile in a novel way, purely for making and receiving calls. And it's mostly in Airplane mode.

 

As a former boss once said while he let his phone keep ringing... "Just because it makes a loud noise doesn't mean it's more important than what I'm currently doing".