Popular Android Apps Found Transmitting User Data to China

Pradeo, a cybersecurity research firm, recently uncovered and reported that two Android file management apps, which had amassed over a million downloads combined, were malicious information stealers. These apps, called File Recovery & Data Recovery and File Manager, were developed by the same creator. While the former had approximately a million downloads, the latter had around 500,000.

The identified apps displayed typical malware traits. They collected excessive amounts of data beyond what was necessary for their intended functionality, hid their icons on the home screen to evade easy detection and removal by users, and failed to provide clear information about their actions and intentions.

The malicious apps were covertly sending a significant volume of harvested data to unidentified servers in China. This data included contact lists, connected email accounts, social network information, media files, gallery items, location details, mobile country code, network provider name, SIM provider’s network code, operating system version, and device brand and model.

Furthermore, Pradeo discovered that these apps abused the granted permissions to automatically restart themselves when the device was rebooted. Fortunately, Google has removed both apps from its store and has reminded users about the protective features of Google Play Protect.

It is important to note that Google Play Protect is designed to enhance user security by proactively detecting and mitigating potential threats posed by malicious applications.