Google Play Store is every so often packed with malware-based applications and needs a lot of work to notice them. According to recent hearsays, a Chinese company, Shenzhen HAWK, is “secretly behind 24 popular applications that want dangerous permits.”
As of now, these applications are no longer in the Google Play Store, but before their expulsion, they already had 382 million downloads. “We take reports of security and privacy violations seriously,” Google told Forbes reporter Zak Doffman.
“If we find behavior that violates our policies, we take action.” And that is what has happened here. Before continuing with the report, the 24 applications are listed in the image below.
One of the applications, Hi Security, requests “too much” and strange permissions within its VPN applications. After a series of researches, it was discovered that this application had links with Shenzhen HAWK.
Shenzhen HAWK is a subsidiary of TCL Corporation, a huge and partially state-owned Chinese electronics corporation. This is not the first report of TCL participation in malicious applications. Last year, reports of its malicious weather forecast application came to the web. In 2017, the Indian government discovered that Virus Cleaner (another of Hi Security’s applications) hid “spyware or other malware.” Another two applications (Super Battery and Dig It) were still available for download. However, Google has not confirmed that all 24 applications no longer exist in the Google Play Store.
What sort of data do they collect through the app?
While six of the 24 apps need access to the user’s camera, two want to penetrate the phone. This means that they can make phone calls or send messages. From the list, 15 apps need GPS access (users location) and can read data on external storage. In addition, 14 of these apps can return details of a user’s phone and network. In fact, one of these can record audio on its server or on the device while another has access to your contact.
With all these permissions, these apps collectively have access to your entire device. They can also communicate with an external server controlled by their developers. Ever wonder why you get certain advert messages of things you shop for frequently? Once the app has location and user details, it can know your preferences and sell this information to advertisers who will then be able to personalize unwanted ads for you. This is probably the lowest risk associated with these apps.
Always make sure before installing any unknown sort of application on your device. The risk is for sure real.
Adnan is a web developer with hands-on experience in analysis, designing, development, and delivery of web apps. His key skills include knowledge of Core PHP, JSON & XML Parsing. He’s also a foodie. So, either you’ll find him at his desk busy in building interesting web apps or at a restaurant relishing some new cuisine.