Check Your Devices: New Spyware Apps on Google Play Store

The apps have over a million downloads between them, and secretly harvest user data without consent.

New research has uncovered two harmful apps on the Google Play store, which have been downloaded 1.5 million times, and are capable of stealing private data, contacts and media.

It's not the first time data-harvesting apps have been found on the Play Store. The apps, called “File Manager” and “Super File Manager,” have been posing as legitimate file management applications. 

The apps can launch without user interaction in order to access sensitive information and send it to various malicious servers based in China.

The Two Malicious Apps Named

Pradeo, the Mobile security solutions company who discovered the security breach this week, claim that both apps feature similar malicious behaviors. The company has alerted Google, who have removed the two apps in question. 

According to the report authored by Roxane Suau and published on July 6th, 2023, both were created by the same developer. 

Check your device for the following apps: 

  • File Recovery and Data Recovery – com.spot.music.filedate – 1M+ Installs 
  • File Manager – com.file.box.master.gkd – 500K+ Installs  

These malicious apps are designed to trap users. The hacker uses techniques to make them appear more credible and make them difficult to detect and remove.

Here are some specific examples of the techniques used:

  • The hacker used mobile device emulators or installed farms to inflate user numbers and improve the apps’ ranking on the store.
  • The hacker modified the apps so that they launch automatically when the device starts. 
  • The hacker hides the apps' icons from the home screen.

These techniques are designed to make it difficult for users to detect and uninstall malicious apps.

What Information are Malicious Apps Stealing?

Both apps falsely claimed that they don’t collect any data. According to the Pradeo report, the apps were stealing: 

  • Users’ contact lists from the device itself and from all connected accounts such as email, social networks
  • Media compiled in the application: Pictures, audio and video contents
  • Real time user location
  • Mobile country code
  • Network provider name
  • Network code of the SIM provider
  • Operating system version number, which can lead to vulnerable system exploit like the Pegasus spyware did
  • Device brand and model

Tips For Staying Safe Online

Although Google has now removed these spyware apps, anyone with them on their devices should delete them immediately, as they still pose a threat.

In addition to uninstalling the apps, users should also be aware of the permissions that they grant to apps when they install them. Apps that request unnecessary permissions, such as access to your location or contacts, should be viewed with suspicion. Never download apps that have no reviews but thousands of users, this is a major sign of foul play. 

It is also important to use a security app on your Android device. A security app can scan your device for malware and other threats, and it can also help you to protect your privacy by showing you which apps have access to your sensitive data

Apple’s iPhones, on the other hand, have security features built into their device’s hardware but are still advised to follow the above advice as well as perform safety checks periodically or when they think they might be under threat. 

Organizations should find solutions to automate mobile detection and response to vet applications and block any that do not comply with their security policy.

Did you find this article helpful? Click on one of the following buttons
We're so glad you found this helpful! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:

Abby Ward is a contributor at Tech.co and freelance search engine marketing (SEM) specialist. Since graduating from Kingston University London in 2015 with Bachelor's degree in Journalism with French, she has worked in many areas of digital marketing including website management, SEO, and paid media. Her specialist topics span her professional and personal interests in search social media, ad-tech, education, food & beverage, hospitality, and business.

Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals