The apps – which come from the same developer – were able to start without any user interaction stealing sensitive data and sending it to Chinese servers. The worst part is that even though the apps were reported to Google at the time, they were still available for several days – but have now been removed from the Play Store.
The two apps were discovered by mobile security solutions company Pradeo’s behavioral analytics engine.
This user data has been transferred without permission
In the app’s description, it’s mentioned that the apps don’t collect any personal data, but Pradeo, by comparison, has compiled a full list of things the apps leak in the background, he writes. sleeping computer. For example, it was:
- List of users and connected email accounts and social networks
- Managed or retrieved photos, audio and video recordings within apps
- User location in real time
- Network service provider name
- The operating system version number
- Device brand and model
While some apps may have legitimate reasons for collecting some of the above to ensure better performance and compatibility, most of the data collected is not necessary for file management or data recovery functions, which the apps claim to help the user do.
It is also a matter of concern that the data is collected by the apps without the user’s consent, what’s more, they don’t even appear on the home screen after installation, so that the user forgets they ever installed it. We wrote in more detail in this article about what you need to do to ensure that your phone is always safe.
