Alert! Delete File Recovery and Data Recovery and File Manager Apps Now
Google Play began rolling out privacy-focused "nutrition labels" last year to help users learn what data apps collect even before downloading them. However, bad actors and developers have found a way to bypass the system to steal user data. According to cybersecurity analysts from mobile cybersecurity company Pradeo, two apps were found on Google Play with spyware that sent data to malicious servers based in China. The firm notes that more than 10 lakh users are affected by the spyware-laden applications. It added that the apps' download pages indicated they did not collect data.
In a blog post, the cybersecurity firm claims it alerted Google to the discovery. The two apps with Chinese spyware are "File Recovery and data recovery" and "File Manager." Both are published by the same developer, named "Wang Tom." As the names suggest, the apps help users manage data and, in some cases, "retrieve deleted files from your phone tablets, or any Android devices." Users who still have the apps installed should delete them.
As mentioned, the apps somehow sidestepped Google Play's rule requiring apps to declare the data they collect. The post reads, "On the Google Play Store, both the above-mentioned applications' profiles announce that they do not collect any data from user's devices, which we found to be false information. Furthermore, they announce that if data was collected, users could not request it to be deleted, which is against most data protection laws like the GDPR."
The research firm suggests that the apps collected data including users' contact lists from the device itself and from all connected accounts, the user's real-time location, the mobile country code, the name of the network provider, the SIM provider's network code, and the device brand and model.
Android apps loaded with spyware have probably passed Google Play's security check because they offer seemingly legitimate services. The research firm suggests that users should check reviews before downloading apps. Apps that show many downloads but no reviews should raise red flags. The firm also notes that users should "read the permissions carefully before accepting them."