As many as 50 million Android users may have had their private data collected by rogue Android apps without their knowledge or consent.
The apps employ the use of adware to steal user data. Adware can be defined simply as “software that automatically displays or downloads advertising material (often unwanted) when a user is online.” However, this kind of adware, identified by researchers at security firm Sophos goes a step further. It doesn’t just display random annoying ads. It does more than that.
Identified as XavirAd, the adware has an information stealing component, Andr/Infostl-BK, which is baked into apps unsuspecting users are duped into downloading and installing.
Once an app that has the adware is launched, the adware communicates remotely and downloads malicious code and files on a user’s device in order to alter its behaviour. This is because should the code have existed prior to download and installation, the app could’ve been flagged by Google’s malware scanners which scour the Play Store in search of such rogue apps. Heck, the apps’ privacy policies are all flowery, speaking the language that users and Google want to hear.
The illegally downloaded code and files then work in tandem to steal sensitive user and device information (user’s email address associated with their Google account, device’s unique identifier – IMEI, among others), encrypts it and then sends it to remote web addresses where such information’s appropriate use is not guaranteed thus putting users at risk of identity theft among other vulnerabilities.
While the most common advice given to Android users is to not install apps from dubious third party app marketplaces and strictly stick to the Play Store, these information stealing apps are available on the Play Store and some of them have raked over a million users each.
The apps, which number 50, have a cumulative install figure of 55 million on the Google Play Store.
One such app, according to SophosLabs researcher Chen Yu, is “Add Text on a Photo”.
If you have any of the following apps installed on your device (you can identify them by their package names by checking Settings > Apps) then do yourself a big favour and uninstall them.
Stay safe out there.
