A secret network of malicious app developers revealed

A group of at least 27 app developers caught committing fraud on a secret network via Google Play Store. With 101 applications combining in over 69 million installs, there's still much about this secret group that is unknown. But with a high amount of dangerous permissions required from their apps, it undoubtedly leads to a severe invasion of user privacy.

Calculator app to gain your camera access

Recent research made by CyberNews discovered one seemingly innocuous connection between the developer names. They named the secret group as a two-name app developer network or 2NAD in short. Details, such as each developer having two Western names, helped to unveil a whole range of malicious applications available on the Google Play Store. Noticeably, while the developers and their app names seem Western, the actual software ranges from Asian-inspired makeup apps and photo editors to call recorders and many more.

Besides the names, CyberNews discovered that 2NAD apps ask an immense amount of alarmingly dangerous permissions, which put users' privacy in danger. The most requested permissions contain reading and writing Android storage, access to the camera, and reading the phone's state. The latter allows seeing your cellular network information, phone accounts, and even the status of calls. Surprisingly, even some seemingly-innocent apps, like a calculator, ask for permission to your location, camera, pictures, audio, or video recordings.

Each app that belongs to 2NAD developers has the same Privacy Policy. In fact, all of the apps are apparent duplicates between the 2NAD network, or even stolen from other, more popular app developers. Stealing the APKs is against Google Play Store Policy. Also, they are violating general Android policies, which include misrepresentation and repetitive content. Since 2NAD apps are also bombing users with ads, it also violates the "Made for Ads" policy. Google Play Store doesn't allow apps whose primary purpose is to serve advertisements.

Why and who?

It's clear - targeting users with tailored advertisements brings them, developers, some decent profit. In the best-case scenario, flooding applications with the ads can only end up with poor user experience. However, in other scenarios, these apps are built for malicious purposes - to infect devices with malware or steal users' data. Especially, when the bizarre permissions have nothing to do with the core functions of the apps. Hence, it already raises privacy concerns - with specific permissions, apps can launch ransomware, make secret phone calls, or sell user data on the black market.

Security researchers tried to track who's behind the secret network. Some of the 2NAD apps contain numbers, which look like Vietnamese postal codes, and some of them even include China Telecom APIs. Therefore, such little details point towards China, or at least it's market. But it's clear that the secret group is operating from somewhere in Asia.

Here's what to do next

CyberNews analyzed a total of 58 apps, who have at least 10,000 installs. Hence, the final number of possibly malicious applications remains unclear. However, here is a list of a secret developers group that you should avoid:

Developer name

Installs

Number of apps

Virgilo Malley

7,060,000

5

Daniel Malley

1,701,000

5

Alex Joe

10,000,000

1

Hudson Parker

3,001,000

4

Wilfred Wessner

1,150,000

3

Adaline Garraway

305,000

5

Armel Bilton

6,000,000

2

Noble Gracious

2,100,505

6

Arrow Frankie

6,000,000

2

Lukas Podolskies

820,500

6

Rusty Mari

5,500,000

2

Weldon Hazeltine

1,006,110

6

Jacinto Macias

2,101,100

5

Flavia Sleeman

70,511

5

Douglas Morace

125,000

4

Dulcie Lawing

121,015

6

Kylian Mbapee

6,000,000

2

ProCam – HD Camera

1,710,000

6

Evan Well

516,060

6

Samuels Dynamo

2,100,000

4

Fruit VPN – Better Connect

5,000,000

1

Carrie Waters

3,000,000

3

Antoine Kenyon

2,105,000

4

Darry Cowlly

1,010,000

2

Gaspard Aden

51,000

2

Alfred Persen

100,000

1

Hwan Seon

110,000

3

Total

68,763,801

101

Not only you should avoid apps that ask you irrelevant permissions. Getting into the habit of examining your allowances can make you more aware of what apps are doing with your phone. When you download any app, you can manually turn the permissions on and off in your Android settings. Here's how:

1. Go to your Android device's Settings.

2. Tap on Apps or Application Manager.

3. Select the app that you want to manage by tapping Permissions.

4. From here, you can choose which permissions to turn on and off, like your location and camera.


Anton P.

Anton P.


Tags: VPN