Security companies regularly warn about the perils of malicious mobile apps lurking in app stores pretending to be legitimate apps. SecurityWatch is partnering with a handful of security companies who monitor apps on Google Play and third-party marketplaces to identify malicious apps you should not have on your Android device.
While most of them aren't as dangerous as their malicious counterparts in the PC or Mac world, many of these apps can trick users into sending SMS messages to premium numbers or receiving content from services that charge exorbitant rates. They can also be a little aggressive about the kind of personal data harvested from the device.
If you've downloaded these apps recently, check out what they are capable of and considering removing them from your device altogether.
Face Changer
Face Changer versions 2.4 to 15 from developer Xingaad was flagged by BitDefender this week. The app displays ads in the notification bar even when it is not open, which many companies consider as being spam.
Face Changer can track user location while it's open, and can upload the location to several advertising networks. It also can create new advertisement icons on your Home screen, via Apperhand, an advertising network.
The app can access the user call history, browsing history, and the contacts list. While many apps have a "reasonable motive" to access the contact list in order to provide service, this isn't one of them, BitDefender said.
Face Changer can also make phone calls. "Make sure you trust this app, because phone calls obviously cost you money," BitDefender said.
Leaking the device's unique identifier is another no-no. The UDID is used by developers, advertisers, and analytics tools to track user location and behavior across apps. In this case, Face Changer uploads the Unique Device ID to a number of aggressive ad networks, including Jumptap, Apperhand, Tapjoy, MobClix, MobFox, and InMobi, as well as to data.flurry.com.
"Your device's Unique Device ID can be used to track your location or behavior across more than one app," BitDefender told SecurityWatch.
Zombie Dress Up Game
Zombie Dress Up-Zombie Game version 1.0.8 to 9 from GoodSoundsApps have similar relationships with aggressive advertising networks. The app leaks user phone number, email address, and device id, according to BitDefender. It obtains the phone number and email address associated with the device and uploads it to AirPush servers. User location is also sent to AirPush.
The app can also create new advertisement icons on your Home screen, and can display ads in the notification area. While users have to opt in before the ads are shown in the notification area, there doesn't appear to be a similar opt-in option for the Home screen, making that spam.
Like Face Changer, Zombie Dress Up leaks the UDID to advertiser networks, namely Jumptap, AirPush, MobClix, and InMobi.
Adware as Malware
The fact that both apps are using aggressive advertiser networks underscores a big problem in the mobile space. While the majority of mobile ads are legitimate, there are a few bad ad networks that put users at risk, and researchers have seen a marked increase in software containing these malicious networks, wrote Jeremy Linden, a security product manager at Lookout Mobile Security.
Considering the role ad networks and advertisers play in the mobile ecosystem, "it's important that they get user privacy right," Linden wrote. The problem is that everyone doesn't agree where the line crosses from being a legitimate advertising network to becoming adware.
Lookout put the advertisers on alert warning in a blog post that it will begin classifying ad networks as adware if they display advertising outside of the normal in-app experience, harvest "unusual" personally identifiable information, and "perform unexpected actions." The full list of what would get an ad network—and by extension the app that uses it—as adware is available on Lookout's blog.
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
2 comments
Click here for commentsHowеver, саrгying the same old pаttегn ѕchool
Replybаckpack handbag all the time and for each year, starts to
get boring.
Feel free to visit my ωeblog: satchels
Peoplе wіth baԁ credit ѕtatus.
ReplyThe online government debt consolidation lοan application is a great eхpeгience moѕt especially
it came from your own pocket. If theгe is a longeг period of time with a сharge of interest included in thе
lοan amоunt frоm the borrowers.
Also visit mу web site - credit card consolidation
Conversion Conversion Emoticon Emoticon