I was scratching my head about what title I should give this particular post. Well, after watching the “Man with the Iron Fist” movie, let’s just say I settled on a kind of action-movie title… lool!
Now I’m sure most of you will be asking: what Android monsters should we beware of? Who’s the monster, and where is it? The monsters are some of the applications you download to your Android phone that damage it or expose vital information about the user. Every second that passes, someone somewhere in the world is downloading an application to his or her Android phone. Most of us don’t research an application before downloading it; all we do is look at the name and what it does, and start downloading without looking at people’s reviews of it. Which is bad.
Security companies regularly warn about the perils of malicious mobile apps roaming around in app stores pretending to be legitimate apps. SecurityWatch is partnering with a handful of security companies who monitor apps on Google Play and third-party marketplaces to identify malicious apps you should not have on your Android device.
While most of them aren’t as dangerous as their malicious counterparts in the PC or Mac world, many of these apps can trick users into sending SMS messages to premium numbers or receiving content from services that charge exorbitant rates. They can also be a little aggressive about the kind of personal data harvested from the device.
If you’ve downloaded these apps recently, check out what they are capable of and consider removing them from your device altogether.
Face Changer versions 2.4 to 15 from developer Xingaad were flagged by BitDefender this week. The app displays ads in the notification bar even when it is not open, which many companies consider spam.
Face Changer can track user location while it’s open, and can upload the location to several advertising networks. It also can create new advertisement icons on your Home screen, via Apperhand, an advertising network.
The app can access the user call history, browsing history, and the contacts list. While many apps have a “reasonable motive” to access the contact list in order to provide service, this isn’t one of them, BitDefender said.
Face Changer can also make phone calls. “Make sure you trust this app, because phone calls obviously cost you money,” BitDefender said.
Leaking the device’s unique identifier is another no-no. The UDID is used by developers, advertisers, and analytics tools to track user location and behavior across apps. In this case, Face Changer uploads the Unique Device ID to a number of aggressive ad networks, including Jumptap, Apperhand, Tapjoy, MobClix, MobFox, and InMobi, as well as to data.flurry.com.
“Your device’s Unique Device ID can be used to track your location or behavior across more than one app,” BitDefender told SecurityWatch.
Zombie Dress Up Game
Zombie Dress Up-Zombie Game versions 1.0.8 to 9 from GoodSoundsApps have similar relationships with aggressive advertising networks. The app leaks the user’s phone number, email address, and device ID, according to BitDefender. It obtains the phone number and email address associated with the device and uploads them to AirPush servers. User location is also sent to AirPush.
The app can also create new advertisement icons on your Home screen, and can display ads in the notification area. While users have to opt in before the ads are shown in the notification area, there doesn’t appear to be a similar opt-in option for the Home screen, making that spam.
Like Face Changer, Zombie Dress Up leaks the UDID to advertiser networks, namely Jumptap, AirPush, MobClix, and InMobi.
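The capabilities described for both apps correspond to permissions an Android app has to declare in its manifest, so they can be checked before or after installing. The following is an added example, not code from BitDefender, Lookout or SecurityWatch: it audits a decoded AndroidManifest.xml for the behaviours listed above. The permission-to-behaviour mapping, the `audit_manifest` function and the sample manifest are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission -> behaviour named in the article (mapping is this example's assumption).
BEHAVIOURS = {
    "android.permission.ACCESS_FINE_LOCATION": "track location",
    "android.permission.ACCESS_COARSE_LOCATION": "track location",
    "android.permission.READ_CONTACTS": "read contacts list",
    "android.permission.READ_CALL_LOG": "read call history",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "read browsing history",
    "android.permission.CALL_PHONE": "make phone calls",
    "android.permission.READ_PHONE_STATE": "read device ID / phone number",
    "android.permission.GET_ACCOUNTS": "read account email addresses",
    "com.android.launcher.permission.INSTALL_SHORTCUT": "add Home screen icons",
}
# Behaviours that cost money or alter the device rather than read data.
ACTIONS = {"make phone calls", "add Home screen icons"}
INTERNET = "android.permission.INTERNET"

def audit_manifest(manifest_xml):
    """Return the article's behaviours that the declared permissions allow."""
    root = ET.fromstring(manifest_xml)
    declared = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    found = sorted({BEHAVIOURS[p] for p in declared if p in BEHAVIOURS})
    data_access = [b for b in found if b not in ACTIONS]
    return {
        "behaviours": found,
        # Harvested data can only leave the device if the app may open sockets.
        "can_upload": data_access if INTERNET in declared else [],
        "unrecognised": sorted(p for p in declared
                               if p and p not in BEHAVIOURS and p != INTERNET),
    }

# Constructed sample manifest for a hypothetical photo-effects app.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.photoeffects">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
</manifest>"""

if __name__ == "__main__":
    for key, values in audit_manifest(SAMPLE).items():
        print(f"{key}: {', '.join(values) or '-'}")
```

A declared permission only shows what an app is able to do, not what it actually does, so a result like this is a reason to compare the list against the app's stated purpose.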
Adware as Malware
The fact that both apps are using aggressive advertiser networks underscores a big problem in the mobile space. While the majority of mobile ads are legitimate, there are a few bad ad networks that put users at risk, and researchers have seen a marked increase in software containing these malicious networks, wrote Jeremy Linden, a security product manager at Lookout Mobile Security.
Considering the role ad networks and advertisers play in the mobile ecosystem, “it’s important that they get user privacy right,” Linden wrote. The problem is that not everyone agrees on where the line falls between a legitimate advertising network and adware.
Lookout put advertisers on alert, warning in a blog post that it will begin classifying ad networks as adware if they display advertising outside of the normal in-app experience, harvest “unusual” personally identifiable information, and “perform unexpected actions.”
Those are just a few of them for now, so please be careful about the kinds of applications you download.