Amidst data leaks, fears of being spied on and privacy breaches, many users are increasingly looking for ways to securely store their photos, videos and confidential messages on their smartphones, which is exactly what many apps downloadable from Google’s Play Store promise to do.
Too bad that many apps actually do the exact opposite of what they claim, as highlighted by a study led by Cybernews reporter Edvardas Mikalauskas, who analysed the top 30 apps found on the Play Store by typing the words ‘privacy app’ as a search key.
Apps that are advertised to create encrypted spaces on Android devices and allow users to have a safe space to store sensitive files and private photos, require unnecessary permissions to work and often hide malware and spyware.
Among the apps that claim to be privacy guardians, but instead exploit certain weaknesses and the always-on nature of Android to steal personal data from the user, create remote backdoors in the device and covertly analyse the information contained therein, are in particular those of Google Vault.
One of the most popular apps explicitly mentioned in the research is ‘Security Master’, which had reached more than 500 million downloads until shortly before being removed from the Play Store, and which on the one hand claimed to provide protection for ‘secure’ connections via a VPN and an antivirus system, but in reality recorded and sifted through users’ web surfing data, also fuelling online fraud based on clicks on advertisements without the user’s knowledge.
Another of the incriminated apps is ‘Vault – Hide Pics & Videos, App Lock, Free Backup’, which has been downloaded by 50 million users, instead exfiltrates personal data such as phone numbers, IMEIs and lists of applications installed on the device. Interestingly, following the various reports received, the developer simply changed the game by changing a few words in the app’s name, which has so far prevented it from being removed.
Then there is ‘Video Hider – Privacy Locker’, an app that has the uncanny ability to access and activate the camera without permission or notification, taking a picture of the user every time there is a failed attempt to unlock the device. And another app that has come under the experts’ lens is “Applock – Fingerprint Password”, which comes from a developer who had previously inserted a trojan capable of stealing PayPal credentials in another app.
These are of course just a few of the 30 apps examined, and it is worth reading the full list to see if there are any that we are using on our phones, and from what we learn from the study, there is one that asked for 14 unnecessary permissions, including consent to initiate phone calls, record audio and detect the user’s GPS position, and another that asks for a total of 170 permissions from the user who wants to install it.
SOURCE: FEDERPRIVACY