Another round of dangerous Android apps still in the Play Store. They were developed in China, installed 382 million times and are stealing data
There are 24 Android apps, produced by 4 developers and already downloaded by 382 million people worldwide, that are stealing data. This was discovered by the site VPN Pro, which specializes in the analysis of software to create virtual private networks (the famous VPNs) and, consequently, also in privacy. These apps, it seems, are bringing in a lot of money to their developers thanks to a massive collection of user data.
The behavior of many of these apps is known to Google, which, however, has not yet banned them from the Play Store. VPN Pro also discovered that all these apps are actually part of a single app network run by Shenzhen, China-based HAWK, a subsidiary of TLC Corporation, with the main purpose of raking in data from users all over the world. The paradoxical thing is that, among these apps, there are also some that promise to increase the security and privacy of the devices on which they are installed and even one to create VPN networks. The parent company TLC Corporation, finally, is already well known for holding the rights to the Alcatel, BlackBerry and RCA brands and for having developed the Weather Forecast app pre-installed on Alcatel devices. An app that, in reality, was a real malware. What is Google waiting for to delete these apps from the Play Store?
Data-stealing apps: what are they
These Chinese data-stealing apps include everything: some are games, some are calculators, some are weather apps, one is a launcher and another is a browser. Ecco la lista completa:
- Sound Recorder,
- Super Cleaner,
- Virus Cleaner 2019,
- File Manager,
- Joy Launcher,
- Turbo Browser,
- Weather Forecast,
- Candy Selfie Camera,
- Hi VPN,
- Free VPN,
- Candy Gallery,
- Calendar Lite,
- Super Battery,
- Hi Security 2019,
- Net Master,
- Puzzle Box,
- Private Browser,
- Hi VPN Pro,
- World Zoo,
- Word Crossy!,
- Soccer Pinball,
- Dig it,
- Laser Break,
- Music Roam,
- Word Crush.
Permessi sospetti
Il modo in cui queste app rubano i nostri dati è molto semplice e, tutto sommato, è sempre il solito: durante l’installazione ci chiedono permessi di accesso al dispositivo di cui in realtà non avrebbero bisogno e noi, pur di usare l’app (che ovviamente è gratis) glieli concediamo senza farci troppe domande. From that moment on, each of these apps starts to collect a huge amount of data on our behavior and send it to servers in China (where the government can, by law, easily access any data stored on a server of a private company). The business is huge: according to VPN Pro, an app that has 1 million active users per month earns the developer $4,000 per month from the sale of user location information alone. These apps, then, earn HAWK over $1.5 million each month from just one of the many pieces of data collected: our location.