Malicious apps on Google Play Store, maybe on your cellphone. Android is the most widely used operating system in the world and is installed on more than 2.5 billion devices. However, recent studies remind Android users to pay more attention to data security.
What are malicious apps?
As the name suggests it is a malicious application or software, in this case is an app that specifically targets the operating system on Android mobile phones. There are many types of mobile malware variants and the different methods of distribution and infection. Malicious apps can hide in seemingly legitimate applications, especially when they are downloaded from a website or a message instead of from Google Play Store.
This warning comes from Comparitech which focuses on Firebase — Google’s mobile app development platform. Firebase itself is estimated to be used by almost 30% of all applications in the Google Play Store.
Well, a study from Comparitech claims 4.8% of mobile applications use Firebase to store user data insecure. In fact, this allows anyone to access personal data such as e-mail and telephone numbers because the database does not use a password.
Comparitech found 4,282 applications leaking sensitive information from 515 thousand application samples, which means that is equal to 18% of all applications in the Play Store, as quoted by Express UK.
The study also found that ‘vulnerable’ applications that have been identified have been installed 4.22 billion times by Android users. Exposed data includes more than seven million email addresses, more than 4.4 million usernames, 5.3 million telephone numbers and more than one million passwords. Not to mention the risk of leaking credit card numbers (CC).
Furthermore, game applications accounted for 24.71% of Play Store applications in the vulnerable category, followed by educational applications with a percentage of 14.72% and entertainment applications as much as 6.02%.
Hundreds of malicious applications that appear in the Google Play Store, disguised as a legitimate application. These malicious applications that carry malware known as Dresscode. Dresscode designed to infiltrate networks and steal data. It can also be added to a botnet of infected devices, are able to carry out denial-of-service (DDoS) attacks as well as taking part in a spam email campaign.
Some vulnerable applications are also able to spread malware, commit phishing scams and insert fake headlines into popular news applications.
“Given that the average smartphone user installs between 60 and 90 applications, it is likely that the privacy of Android users has been threatened by at least one application,” Comparitech wrote in their study.
Speaking of the research, a Google spokesperson said that Firebase provided a number of features that helped developers configure their deployments safely.
“We give developers notice of possible misconfigurations in their deployments and offer recommendations to fix them. We reach out to affected developers to help them overcome this problem,” he said.
Well, for that, Comparitech provides advice so that your cell phone can be safer from the threat of personal data leakage:
- Don’t use the same password on multiple accounts and make sure the password is strong
- Only install applications with high number of reviews and installations
- Be aware of what information you are sharing with the application
- Avoid leaking sensitive personal information such as addresses, photo ID cards, and others.