Cyber firm cautions mobile users against ‘rogue’ apps

Close to 40% of respondents gave access to their data to download free apps

July 04, 2016 01:46 am | Updated 01:46 am IST - NEW DELHI:

CHENNAI : 03/07/2016 : Mobile Phone Apps. Photo : K_Pichumani

CHENNAI : 03/07/2016 : Mobile Phone Apps. Photo : K_Pichumani

Cyber criminals are now turning to application stores, traditionally considered a safe destination for downloading mobile apps, to plant malware in phones.

Recently, cyber security solutions provider Symantec had detected an application on Google Play Store — Beaver Gang Counter — that masquerades as a score keeping app for a popular card game. However in reality, once installed on the device, this application secretly starts searching media files related to Viber. Once it finds them, it sends them to a remote server.

While applications are mostly verified before being published on the official Android store, some manage to slip past the store’s upfront security checks.

Viber

“Viber is an extremely popular social media app with over 500 million installs on Google Play alone. The data stolen by the malware could be used for a number of nefarious purposes such as identity theft, blackmail, fraud, or pornography,” Symantec said in a blogpost.

Symantec had alerted Google about this issue and in response they removed this app and developer from Google Play Store.

The discovery of this app, it added, demonstrated that having photos stolen from devices is also a risk Android users needed to be aware of. Some time ago, private photographs of some celebrities were leaked online, with reports suggesting that the attackers gained access to their Apple iCloud accounts.

“Mobile devices connect us to the world, storing our most personal and valuable information in digital form. However, this freedom complicates our security, and in fact mobile apps may present significant challenges to protecting our privacy. It might surprise you to learn that most threats to sensitive information on mobile devices are hidden in plain sight — in apps,” Ritesh Chopra, Country Manager, India, Norton by Symantec, said.

He added that many apps accessed or shared private, sensitive data without the users’ knowledge or full understanding. Norton researchers recently found that globally, of the 10.8 million apps analysed by them, almost 3.3 million were classified as malware, a 230 per cent increase from 2014.

The study suggested that close to 40 per cent respondents granted permission to access their camera, bookmarks and browser history in exchange for free apps. “Thus, while apps are fun, boost your productivity and make your life easier, certain “rogue” apps can carry significant risks,” Mr. Chopra added.

Meanwhile, a Google spokesperson said: “While we don’t comment on specific apps, we can confirm that our policies are designed to provide a great experience for users and developers. That’s why we remove apps from Google Play that violate those policies.”

To stay protected from such mobile threats, Symantec recommends that users refrain from downloading apps from unfamiliar sites and install apps only from trusted sources. Besides, close attention should be paid to the permissions that apps request.

Anti-virus updates

Users should avoid apps with a poor or non-existent reputation and any app that no one knows about should not be trusted. It is also important that mobile software, including anti-viruses are kept updated.

Earlier, Symantec had also found a bug in a popular local food and restaurant recommendation site Burrp, which ultimately allowed cyber criminals to take over users’ system to encrypt files and later demand ransom to decrypt the same files. Most of the users who have been impacted by this attack are based in the U.S. and India.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.