The search team at CyberNews has discovered that there are about 30 applications in the Google Play store that steal user data and infect phones with malware, and the number of downloads of these applications reached 1.4 billion downloads.
The research team has focused on camera applications, especially those belonging to the category Beauty Camera, which are applications that are used to add makeup or cartoon filters on the face for fun personal photos, or to edit and improve some of the lowest quality images.
But what you do not expect is that many of these applications collect your private data and sell it to external parties, or infect you with malicious ads without stopping, or redirect you to phishing sites, or even spy on you without your knowledge.
The research team analyzed the results of the best BeautyPlus applications that appear in the results of the Google Play store search; they found that the first application (BeautyPlus) which has installed 300 million installs - is considered a malicious application, as it includes data collection codes and when downloading the application requests A set of unnecessary permissions such as: access to your site, your phone number, as well as checking for jailbreaks, and its carrier your phone number.
Reports have indicated that the developer, Meitu, is suspected of collecting user data on its Chinese servers and then selling it.
In order to conduct this search, the team analyzed the 30 best results that were displayed on the Google store after the search with the word "camera beauty". The applications that were analyzed included the following:
- Beauty Camera apps that ask for permissions you don't need.
- Applications from unknown developers, especially free apps.
- Apps that engage in unethical behavior or display annoying ads.
To validate these applications, the team analyzed the following:
- The amount of permissions you require.
- Website of application developers; the reliability of this site.
- The presence of any malware, spyware, security vulnerabilities or unethical practices.
The list of affected applications includes:
- BeautyPlus - Easy Photo Editor & Selfie Camera
- BeautyCam
- Beauty Camera - Selfie Camera
- Selfie Camera - Beauty Camera & Photo Editor
- Beauty Camera Plus - Sweet Camera & Makeup Photo
- Beauty Camera - Selfie Camera & Photo Editor
- YouCam Perfect - Best Selfie Camera & Photo Editor
- Sweet Snap - Beauty Selfie Camera & Face Filter
- Sweet Selfie Snap - Sweet Camera & Beauty Cam Snap
- Beauty Camera - Selfie Camera with Photo Editor
- Beauty Camera - Best Selfie Camera & Photo Editor
- B612 - Beauty & Filter Camera
- Face Makeup Camera & Beauty Photo Makeup Editor
- Sweet Selfie - Selfie Camera & Makeup Photo Editor
- Selfie camera - Beauty Camera & Makeup camera
- YouCam Perfect - Best Photo Editor & Selfie Camera
- Beauty Camera Makeup Face Selfie, Photo Editor
- Selfie Camera - Beauty Camera
- Z Beauty Camera
- HD Camera Selfie Beauty Camera
- Candy Camera - selfie, beauty camera & photo editor
- Makeup Camera-Selfie Beauty Filter Photo Editor
- Beauty Selfie Plus - Sweet Camera Wonder HD Camera
- Selfie Camera - Beauty Camera & AR Stickers
- Pretty Makeup, Beauty Photo Editor & Selfie Camera
- Beauty Camera
- Bestie - Camera360 Beauty Cam
- Photo Editor - Beauty Camera
- Beauty Makeup, Selfie Camera Effects & Photo Editor
- Selfie cam - Bestie Makeup Beauty Camera & Filters
research results:
- More than half of these apps - about 16 apps - have been launched from Hong Kong or China.
- None of these apps require permission to use the camera, since it runs the camera without any permission.
- There are three separate developers managed by the same group, and they may be related to the suite of applications that have been discovered to contain Trojan software.
- Top-rated app developer Meitu; who has up to 16 apps on the Google Play Store, has apps that are classified as malicious, violate Google's advertising policies, and collect data secretly.
- One of these apps is accused of sending pornographic content to users, redirecting them to phishing sites or collecting their photos.
- These apps require up to 7 sensitive permissions; there are 5 of them on average that are not necessary to run the app.
- Unnecessary permissions include voice recording, and GPS usage.
- One of these apps requires about 40 permissions, while only a few permissions are required to run it.
0 Comments