Apps that Leak

Jörgen Städje
November 12, 2020

The mobile is amazing. There are thousands of fun apps to download for free. You can send video and audio. You can colour and distort pictures and play fun games. The fun never ends!! Well, it does, when you get hold of a dangerous app. Despite the providers’ efforts to clean them out, the app stores are unfortunately flooded with dangerous apps. Some infect your phone with hostage-taking programs (ransomware) or programs that steal data. Others vacuum the phone for personal data and send it to the appropriate totalitarian state or sell it to the highest bidder, or collect your GPS position on a regular basis and compile it with your texts and messages, enabling some perpetrator to compromise you.

These are the most famous.

In May 2020 the Android apps Abfix, CoinCast, SnapTune Vid, Currency XE converter, Office Scanner, Horoscope and Car News turned out to be infected by the Mandrake spy program, which can steal identities, two-factor authentication and so on, all of which can be used for extortion, report Bitdefender and IDG. Mandrake was cunningly designed, worked under the radar and was included on Google Play for four years. Most of the apps are no longer available in the Google App Store and cannot be found on the Internet. But rest assured, new ones will be coming.

Zoom has quickly emerged as one of the most insecure video conferencing programs available. Zoom management claims that they are working on the matter. At the same time, the main owner is in China. Personal information is leaked to both advertising companies and Facebook, and encryption keys and data are sent on to servers in China, where Zoom has a development department. Zoom is currently controlled by China, blocking accounts of obnoxious journalists and opposition Chinese abroad.

FaceApp: The FaceApp app, which modifies faces, is suspected of sending images to Russia.

TikTok: The video app TikTok was suspected of sending films to Russia and China. In 2020, the Reddit user “bangorlol” did some reverse engineering on the app and came to the conclusion that it is basically an app for collecting the user’s personal data, GPS position, contacts, etc., with a “built-in video part”. It collects information about everything installed in the phone, everything about the phone’s hardware, IP addresses, the Wi-Fi networks it is connected to and whether the phone is rooted, and the GPS position is retrieved every 30 seconds. The app can also download a ZIP file, unzip it and run it. That way, cybercriminals can install anything.
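One way to check an app for the kinds of data access listed above is to compare the permissions it requests with what its stated purpose needs. The sketch below is an added example, not code from the article or from any of the apps named. It assumes the app's AndroidManifest.xml has already been decoded to text XML, and the sample manifest, the package name `com.example.weatherradar` and the category-to-permission mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"
PREFIX = "android.permission."

# Assumed mapping: data categories named in the article -> Android permissions.
SENSITIVE = {
    "GPS position": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
                     "ACCESS_BACKGROUND_LOCATION"},
    "contacts": {"READ_CONTACTS"},
    "text messages": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS"},
    "installed apps": {"QUERY_ALL_PACKAGES"},
    "Wi-Fi networks": {"ACCESS_WIFI_STATE"},
}

def requested_permissions(manifest_xml):
    """Return short names of the platform permissions the manifest requests."""
    names = set()
    for elem in ET.fromstring(manifest_xml).iter():
        # Matches <uses-permission> and <uses-permission-sdk-23>.
        if elem.tag.startswith("uses-permission"):
            name = elem.get(ANDROID_NAME, "")
            if name.startswith(PREFIX):
                names.add(name[len(PREFIX):])
    return names

def audit(manifest_xml, expected_categories):
    """Map each data category the app should not need to the permissions granting it."""
    requested = requested_permissions(manifest_xml)
    findings = {}
    for category, perms in SENSITIVE.items():
        hits = sorted(perms & requested)
        if hits and category not in expected_categories:
            findings[category] = hits
    return findings

# Constructed sample: a weather app that asks for far more than a forecast needs.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weatherradar">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
</manifest>"""

if __name__ == "__main__":
    for category, perms in audit(SAMPLE_MANIFEST, {"GPS position"}).items():
        print(f"unexpected access to {category}: {', '.join(perms)}")
```

A clean result does not prove an app harmless: reading hardware details, checking for root, and downloading and running additional code require no permission that would show up in this list.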

In July 2020, the United States and Australia considered banning the app altogether due to the risk of Chinese espionage. India’s Department of Electronics and Information Technology has banned 59 Chinese apps, including TikTok and WeChat, which it considers “engaged in activities harmful to India’s sovereignty and integrity”, according to a press release on The Verge news site.

TrueCaller is an app that displays the caller’s number and allows the caller to enter a comment, such as the caller’s identity. The identity is then shared with all TrueCaller users. It can be deadly for opposition journalists working in dictatorships.

WhatsApp: A WhatsApp security flaw allows cybercriminals to install spyware without being detected.

World Weather Accurate Radar: The Weather Forecast app – World Weather Accurate Radar is known to have sent personal data to China.

1 Things Change

Remember that these particular apps may not necessarily be harmful forever, just because they were harmful when this article was written. Work may be in progress to eliminate the harmful properties. You must keep an eye on the tech press to find out if the app you intend to download is harmful or harmless. The fact that it has already been downloaded by 37 million users does not matter at all. That your friends think the app is awesome also does not matter. Google’s search engine is your best friend.

The Google Play page with weather apps contains more than 200 items, all with similar names. If you have been looking for a secure app, make sure you get the right one and not one with almost the same name.

2 App Stores

The app stores with the highest number of malicious apps in 2019 (number in parentheses):

  • (61,669)
  • Google Play Store (25,647)
  • Zhushou (25,091)
  • Feral Apps (12,079)
  • Vmappapps (5,972)
  • Wwwdownloadatoz (4,315)

The safest app store is, perhaps not entirely unexpectedly, Apple’s App Store, as Apple’s strict controls make it difficult for developers to spread malware.

3 Visible and Invisible

The malicious “Joker” software has once again (2020) managed to bypass Google’s security system and spread through the Play Store, reports The Hacker News. Joker apps can look like anything, but they usually resemble already popular apps, and can thus be downloaded by accident. The malicious apps are normally used to send fake bills or steal information such as text messages and contact lists. Since the beginning of 2017, Google has removed more than 1700 apps that contained the Joker malware, also known as “Bread”.

Many apps have similar names. For weather apps, words like “accurate”, “weather” and “radar” are very common.

4 The Risk for You?

Image: Sebastián Navarro, Unsplash

How could it be dangerous for the average person if his or her images, contacts, positions and opinions happen to end up in some totalitarian state? What could you have on your phone or on your social media that could be dangerous?

  • Where were you last night? Not at your wife’s house? If so, where? One can find out if they have your position information and access to your texts and messages. It could be harmful if you are a politician, or planning to become a politician and the information is used by your opponents.
  • That political meeting in City Hall that you would rather not reveal that you attended? If you have fled a totalitarian state, it can be used as a threat to you, or your family.
  • The funny, equivocal pictures you took three years ago may seem innocent, but may well be pulled out when you apply for employment in some sensitive place.
  • With the anti-racism-fascism-anti-everything-incitement that is going on today, a picture of you making a sign of honour in front of a disliked statue can lead to you being persecuted or losing your job.
  • A picture of you visiting a totalitarian state might prevent entry to another totalitarian state.
  • You probably don’t know any opposition activists. But in three years, in your future work as a journalist, you will get in touch with a freedom fighter who then will be threatened with capital punishment. When your contact list leaks to the malicious government, it may result in a disappearance.

The wrong picture taken in the wrong place, together with the wrong people, pictures with erotic content, you holding weapons, messages with political content and more, may seem funny and harmless right now, but can prove very dangerous in the future. The way that image is used may have nothing to do with the original situation, but that does not matter to the perpetrators.

Remember one thing: it’s nothing personal. They just want your money.
