A recent Buzzfeed article points out that several popular Android apps available on the Google Play Store get and store sensitive user data without your permission and without being encrypted. Some of these examples can be alarming because they are applications from the Google Play Store with millions of downloads, some of them being developed by Chinese companies.
Do not feel bad if you are among the nearly 100 million downloads combined. Developers hide their own information that might soon get their attention, such as the country of origin and the company that owns the application. However, as Buzzfeed’s research points out, each application called for many permissions, including “dangerous” permissions, such as location data, access to phone sensors, or personal contact information. This is an indicator of a suspicious application.
List of Apps
These are the applications that were implicated in the Buzzfeed investigation. If you have any of these installed on your smartphone, you should now uninstall:
- Selfie Camera
- Total Cleaner
- Smart Cooler
- RAM Master
- AIO Flashlight
- Omni Cleaner
- Emoji Flashlight
- Samsung TV Remote Control (via Peel Technologies, Inc.)
Google has blacklisted six of the above applications – Selfie Camera, Total Cleaner, Smart Cooler, RAM Master, AIO Flashlight and Omni Cleaner – in response to Buzzfeed reports and updated how to evaluate permissions and developer accounts, but even so it seems very easy for malicious programmers to fool the Google Play Store.
What are the measures to guard against this type of situation?
Here are some recommendations to be aware of before you download an application:
- Use a trusted mobile antivirus to scan applications and files before installing
- Do not download apps with much more ratings. Also, pay attention to reviews; companies can inflate their valuations with false valuations to stifle the negative ones.
- Watch out for applications with a high number of permissions and, in particular, permissions that do not make sense for the application to work. For example, the AIO Flashlight application asked for 31 total permissions. No legitimate flashlight application needs as many permissions to work.
- Review the security policy of an application or developer. This can be found with a quick web search if you can not access directly through the Play Store. A more serious company, it will not host your information in a dubious location (such as the random Tumblr page of Selfie Camera) or, if there is no security policy, period, ignore the download.
- Be extremely cautious when downloading APK files from unofficial sources.
In general, do not download developer applications that you do not recognize. If you do, search the online application and search for professional reviews and user reviews of websites, forums, and technology sites.