A secret network of malicious app developers revealed
A group of at least 27 app developers caught committing fraud on a secret network via Google Play Store. With 101 applications combining in over 69 million installs, there's still much about this secret group that is unknown. But with a high amount of dangerous permissions required from their apps, it undoubtedly leads to a severe invasion of user privacy.
Calculator app to gain your camera access
Recent researchdiscovered one seemingly innocuous connection between the developer names. They named the secret group as a two-name app developer network or 2NAD in short. Details, such as each developer having two Western names, helped to unveil a whole range of malicious applications available on the Google Play Store. Noticeably, while the developers and their app names seem Western, the actual software ranges from Asian-inspired makeup apps and photo editors to call recorders and many more.
Besides the names, CyberNews discovered that 2NAD apps ask an immense amount of alarmingly dangerous permissions, which put users' privacy in danger. The most requested permissions contain reading and writing Android storage, access to the camera, and reading the phone's state. The latter allows seeing your cellular network information, phone accounts, and even the status of calls. Surprisingly, even some seemingly-innocent apps, like a calculator, ask for permission to your location, camera, pictures, audio, or video recordings.
Why and who?
It's clear - targeting users with tailored advertisements brings them, developers, some decent profit. In the best-case scenario, flooding applications with the ads can only end up with poor user experience. However, in other scenarios, these apps are built for malicious purposes - to infect devices with malware or steal users' data. Especially, when the bizarre permissions have nothing to do with the core functions of the apps. Hence, it already raises privacy concerns - with specific permissions, apps can launch ransomware, make secret phone calls, or sell user data on the black market.
Security researchers tried to track who's behind the secret network. Some of the 2NAD apps contain numbers, which look like Vietnamese postal codes, and some of them even include China Telecom APIs. Therefore, such little details point towards China, or at least it's market. But it's clear that the secret group is operating from somewhere in Asia.
Here's what to do next
CyberNews analyzed a total of 58 apps, who have at least 10,000 installs. Hence, the final number of possibly malicious applications remains unclear. However, here is a list of a secret developers group that you should avoid:
Number of apps
ProCam – HD Camera
Fruit VPN – Better Connect
Not only you should avoid apps that ask you irrelevant permissions. Getting into the habit of examining your allowances can make you more aware of what apps are doing with your phone. When you download any app, you can manually turn the permissions on and off in your Android settings. Here's how:
1. Go to your Android device's Settings.
2. Tap on Apps or Application Manager.
3. Select the app that you want to manage by tapping Permissions.
4. From here, you can choose which permissions to turn on and off, like your location and camera.