
Delete These Sketchy Android Apps That Are Tracking You Without Permission

Brendan Hesse, Apr 19, 2019

A recent Buzzfeed article points out that several popular Android apps available on the Google Play Store have been collecting and storing sensitive user data without encryption or permission.

This particular instance is more alarming than previous ones: not only are some of the most-downloaded apps on the Google Play Store implicated in the report, they also happen to be developed by Chinese companies that may be sharing collected data with the Chinese government.

Which apps to delete right away

These are the apps that have been implicated in Buzzfeed’s investigation. If you have any of these installed on your phone, delete them now:

  • Selfie Camera
  • Total Cleaner
  • Smart Cooler
  • RAM Master
  • AIO Flashlight
  • Omni Cleaner
  • WaWaYaYa
  • Emoji Flashlight
  • Samsung TV Remote Control (via Peel Technologies, Inc.)

How to avoid apps like these

Don’t feel bad if yours were among the nearly 100 million combined downloads for these apps. The developers obfuscated otherwise damning information, such as country of origin and the company that owns the app, that would normally raise red flags.

However, as Buzzfeed’s investigation points out, each app asked for way too many app permissions, including “dangerous” permissions like location data, access to phone sensors, or personal contact information. This is an indicator of a suspicious app.

Google blacklisted six of the above apps (Selfie Camera, Total Cleaner, Smart Cooler, RAM Master, AIO Flashlight, and Omni Cleaner) in response to Buzzfeed’s reporting, and updated how it will evaluate permissions and developer accounts going forward, but even so, it seems to be far too easy for malicious developers to dupe the Google Play Store.

Here are our recommendations for staying smart about your app downloads:

  • Use a trusted mobile anti-virus app to scan apps and files before you install them.
  • Don’t download apps with overwhelmingly poor reviews.
  • Furthermore, pay attention to what the reviews are actually saying; companies can inflate their ratings with fake reviews to drown out the negative ones. If you see any reviews calling out shady behavior, false advertising, etc., steer clear.
  • Look out for apps with a high number of permissions, or permissions that don’t make sense for the app. For example, the AIO Flashlight app asked for 31 total permissions. No legit flashlight app requires anywhere near that many in order to run. 
  • Review an app or app developer’s security policy. This can often be found with a quick web search if none is openly provided. If the policy seems flimsy, is hosted from a dubious location (like Selfie Camera’s random Tumblr page), or if there doesn’t seem to be a security policy, period, skip the download.
  • In general, do not download apps from devs you don’t recognize. If you do, search the app online and seek out professional reviews and user feedback from tech sites and forums.
  • Be extremely cautious when downloading APK files from unofficial sources.

An app may pass several of the above parameters, but utterly fail others. For example, the Selfie Camera app boasted a 4.5-star rating on Google Play and had over 50 million downloads, yet it was asking for 50 permissions and its privacy policy was hidden on an unrelated Tumblr blog. It’s the perfect example of why any third-party apps from developers you don’t already trust need to be scrutinized.
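
A scripted version of the permission check described above, added here as an illustration and not taken from the article or from Buzzfeed’s investigation: it reads a decoded AndroidManifest.xml and reports the total permission count plus any “dangerous” permissions that do not fit the app’s stated purpose. The sample manifest, the `EXPECTED` policy table and the `max_total` threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."
# Subset of Android's "dangerous" permissions, grouped by the data they
# expose (location, sensors and contacts are the ones the article names).
DANGEROUS = {
    "ACCESS_FINE_LOCATION": "location", "ACCESS_COARSE_LOCATION": "location",
    "BODY_SENSORS": "sensors", "READ_CONTACTS": "contacts",
    "WRITE_CONTACTS": "contacts", "GET_ACCOUNTS": "contacts",
    "READ_PHONE_STATE": "phone", "READ_CALL_LOG": "phone",
    "READ_SMS": "sms", "RECORD_AUDIO": "microphone", "CAMERA": "camera",
    "READ_EXTERNAL_STORAGE": "storage", "WRITE_EXTERNAL_STORAGE": "storage",
}
# Assumed reviewer policy: data groups an app of a given kind plausibly needs.
EXPECTED = {"flashlight": {"camera"}, "camera": {"camera", "storage", "microphone"}}

# Constructed sample manifest for a hypothetical flashlight app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.FLASHLIGHT"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.BODY_SENSORS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

def audit_manifest(manifest_xml, app_kind, max_total=10):
    """Count requested permissions and list dangerous ones the app kind does not explain."""
    root = ET.fromstring(manifest_xml)
    names = sorted({el.get(ANDROID_NS + "name", "")
                    for tag in ("uses-permission", "uses-permission-sdk-23")
                    for el in root.iter(tag)})
    allowed = EXPECTED.get(app_kind, set())  # unknown kinds get no allowance
    unexpected = {}
    for name in names:
        if not name.startswith(PREFIX):
            continue  # custom (non-platform) permissions are counted, not classified
        group = DANGEROUS.get(name[len(PREFIX):])
        if group and group not in allowed:
            unexpected.setdefault(group, []).append(name)
    return {"package": root.get("package"), "total": len(names),
            "too_many": len(names) > max_total,
            "unexpected_dangerous": unexpected}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE, "flashlight"))
```
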
