24 June 19, 07:10
Quote:
Whenever we discuss Android security, we always recommend downloading apps only from the Google Play Store, as it contains significantly fewer malicious apps than other such sites. Still, developers manage to sneak in malware every now and then. So, how do you avoid picking up something nasty when downloading apps from Google Play? Pay close attention to the permissions requested by the app, and think carefully about why the app needs those permissions before you give it the green (or red) light. Today’s post looks at that very issue: the danger posed by a Google Play app that demands seemingly unnecessary permissions.
Not long ago, we discovered a couple of fairly unhealthy programs in Google Play posing as photo apps. Both apps hung around in the store long enough to chalk up 10,000 downloads each. There was nothing particularly eye-catching about them; they were just two members of the “yet another photo editor” class.
The only detail that might have alerted the observant user was that both apps persistently requested access to notifications, and they wouldn’t take no for an answer. All incoming messages appear in notifications, which means that the photo editors, if given permission, could read them. A photo editor has no need for such access — normally, that’s something used for communicating with a smartwatch. So, why would it request that?
Well, after installation, the putative photo editor collected information (phone number, smartphone model, screen size, mobile operator, etc.) and sent it to the cybercriminals’ server. In response, it received a list of Web addresses pointing (via several redirects) to a paid subscription sign-up page.
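One way to audit which installed apps currently hold the notification access described in the quoted article; this is an added example, not part of the original post or the quoted article. It parses the value of Android's `enabled_notification_listeners` secure setting; the sample value, the package names and the expected list are constructed for illustration.

```python
# Added example: audit which apps hold Android notification access.
# Input is the value of the secure setting "enabled_notification_listeners",
# e.g. from: adb shell settings get secure enabled_notification_listeners
# The value is a colon-separated list of flattened component names
# ("package/class"; a class starting with "." is relative to the package).

# Constructed sample value; the package names are made up for illustration.
SAMPLE = (
    "com.example.watch/com.example.watch.NotifyBridge:"
    "com.example.photoeditor/.push.ListenerService:"
    "com.example.launcher/com.example.launcher.BadgeService"
)

# Assumption: packages the device owner expects to read notifications.
EXPECTED = {"com.example.watch", "com.example.launcher"}


def parse_listeners(value):
    """Return a list of (package, fully qualified class) pairs."""
    listeners = []
    value = (value or "").strip()
    if value in ("", "null"):          # setting unset: nothing enabled
        return listeners
    for entry in value.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        package, sep, cls = entry.partition("/")
        if not sep or not package or not cls:
            raise ValueError(f"malformed component name: {entry!r}")
        if cls.startswith("."):        # short form, relative to the package
            cls = package + cls
        listeners.append((package, cls))
    return listeners


def unexpected_listeners(value, expected=EXPECTED):
    """Listeners whose package is not on the expected list."""
    return [(p, c) for p, c in parse_listeners(value) if p not in expected]


if __name__ == "__main__":
    for package, cls in unexpected_listeners(SAMPLE):
        print(f"review notification access: {package} ({cls})")
```

Anything this reports is a candidate for review in the device's notification access settings, where the permission can be revoked.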