Android customers are being urged to check their phones following the discovery of two apps that are actually spyware, collecting data from more than 1.5 million users.
The fishy apps were found hiding on the Google Play Store, posing as file management applications, according to cybersecurity analysts from leading mobile security company Pradeo.
WATCH THE VIDEO ABOVE: Is your phone spying on you? Expert advice on securing your device.
Watch the latest News on Channel 7 or stream for free on 7plus >>
The apps, File Manager and File Recovery and Data Recovery, were downloaded more than 1.5 million times and have been sneakily stealing user data.
“They are programmed to launch without users’ interaction, and to silently exfiltrate sensitive users’ data towards various malicious servers based in China,” Pradeo said in a security alert.
The apps claim to not collect any data from the user’s device, however, Pradeo’s behaviour analysis engine revealed the spyware was collecting “very personal data” from their users, such as:
- User contact lists from the device and connected accounts, including email and social media
- Real-time user location
- Mobile country code
- Network provider name and SIM provider network code
- Operating system version number
- Device brand and model
Pradeo’s report found the seemingly harmless apps were sending an alarming amount of data to multiple servers in China.
The malicious apps use a sneaky tactic of hiding their icons from the general view on the home screen, making uninstallation more difficult.
To delete the apps, users need to go to their application list in settings.
Pradeo has alerted Google to the malicious apps, which have since been kicked off the Play Store, and is advising the one million people who downloaded File Recovery and Data Recovery (com.spot.music.filedate) and 500,000 who installed File Manager (com.file.box.master.gkd) to “delete them” as soon as possible.
Its advice is to avoid applications that do not have any reviews but boast thousands of users and always read reviews and permissions before accepting them.