With over 1.5 million installations combined, two malicious file management apps were identified by security experts on Google Play. These apps gathered excessive amounts of user data, far more than was required to deliver the functions they claimed to provide.
Both of the programs, which come from the same publisher, can be launched automatically in order to steal important information and transport it to servers in China. The two apps are still obtainable in Google Play as of the time of publication, despite Google receiving complaints about them.
On devices, File Recovery and Data Recovery is known as “com.spot.music.filedate” and has received at least 1 million installs. File Manager has at least 500,000 installations and is known on devices as “com.file.box.master.gkd.”
It is found the two apps, according to their description in the Data Safety part of their Google Play listing, do not gather any user data from the device.
But the mobile apps steal the following information from the gadget:-
Contact information from users’ associated email accounts, social networks, and on-device memory.
Images, audio, and video that are controlled by or recovered from the applications.
Network provider’s name Network provider’s SIM provider code
The version of the operating system
User location in real-time
Country code for mobile
Brand and model of the device
Many of the obtained data are not required for file management or data recovery capabilities, even though the apps may have a genuine need to collect some of the aforementioned information to guarantee optimal performance and compatibility. Even worse, this information is gathered covertly and without the user’s knowledge.
These two apps conceal their home screen icons to make it more challenging to locate and uninstall them. Additionally, they are able to launch in the background and restart the device by abusing the capabilities the user granted them after installation. The publisher probably used install farms or emulators to inflate popularity and give their items a more reliable appearance.
The fact that there are significantly fewer user reviews on the Play Store than there should be given the reported user base lends credence to this theory.
Before installing an app, it is always advised to read user reviews, pay attention to the permissions being sought, and only trust software created by respected developers.