Android Apps That Can Steal Your Data
Posts by StephenMarch 12, 2024
A common misconception is that all downloads from the Google Play Store are safe. Most downloads are innocent; however, it doesn’t mean users don’t have to proceed with caution.
Recently, eight Android apps were found with Joker malware. The eight apps had millions of downloads, compromising every phone that had the programs installed.
Theoretically, these apps could collect, steal, and sell data from Android users, creating devastating impact effortlessly. Additionally, reports of malicious subscriptions costing thousands were reported—attributed to the malware in the apps.
These have since been removed from the platform but highlight the importance of knowing users’ risks every time they download something on their phone.
While the Play Store attempts to minimize a user’s risk, apps outside of the platform are a free-for-all. There is minimal protection available, meaning it’s an ‘at your own risk’ download.
Questionable App Permissions
App permissions allow applications on the device to access hardware features, personal devices, or functionality settings on the phone. These can include your call logs, camera, photos, or documents.
Any app attempting to download on the device must declare the permissions and receive approval before installation. Essentially, an app can’t snoop through your phone unless you give it direct permission.
The majority of app installations are innocent. An editing software would need permission to access the gallery on your phone. Alternatively, a map program will need your phone’s GPS to determine your location.
Defining the relevance of these permissions requires intent. The higher the level of permissions, the more likely to drain resources or load your phone with adware. It also increases the likelihood of adware, spyware, or malware on the device.
App Permissions to Avoid
Authenticate Accounts
Although major apps often require authentication, small third-party apps should never be granted access. Applications can access sensitive information on your phone, like passwords, through phishing. These apps can then take your usernames and passwords (including email, social media, online accounts, subscriptions, and banking details).
If you’ve previously granted this permission, perform a background check on yourself as soon as possible. The background check will provide a detailed list of your accounts, financial history, social media accounts, and dark web search results. If any of your accounts have been compromised, it’s better to act quickly.
Read Contacts
This permission is self-explanatory—it gives the app permission to browse your contacts and all details of the entries. Apps containing malware will request this permission as it allows direct contact details on your phone.
It gives them access to phone numbers, email addresses, and other sensitive information. After harvesting this data, hackers can either sell the lead or send malicious files through spoofed emails.
Read Social Stream
With multiple social media platforms have a billion registered users, social media is a powerful tool for hackers. Granting this permission allows any application to read the information on your social feeds and accounts. This permission should rarely be granted, regardless of the application.
Write Secure Settings
Your secure settings include the system preferences, which include overwriting system access. These permissions are incredibly rare on Google Play Store as the platform has cracked down on overzealous developers. With minimal exceptions, it’s rarely a good idea to grant a third-party app this permission.
Read Sensitive Log Data
Log files are files on the phone or tablet that record a variety of details. These can include keystrokes, usernames, passwords, and other sensitive data. Granting access to these files allows access to the files on your handset.
A malicious app will take these files and email them to the developer. It’s always wise to second guess an application that requires this app to download.
Process Outgoing Calls
Another self-explanatory permission, the process outgoing calls functionality gives the application to monitor all details of the outgoing call. This includes contacts, phone numbers, conversations, and more.
This permission should be handled with extreme caution, preventing access except under VoIP (voice over internet protocol), video, or communication-based applications.
Specific Apps to Avoid Downloading
Keyboard Applications
Keyboards promise to add creativity and freedom to the user, but these apps can record everything you type. This includes passwords, instant messages, phone numbers, and emails. They can also access your credit accounts and financial information.
Developers have access to sensitive content, which can be a nightmare in the wrong hands. Data breaches can be catastrophic for users, with personal details accessible when they fail to protect their users.
Antivirus Downloads
Antivirus applications are relatively useless for users unless they continuously download applications outside the Play Store. On top of that, most apps collect personal data from the device. This can include browsing history, downloads, contact lists, and camera permissions.
Although an antivirus program is beneficial on a PC, it doesn’t hold the same efficiency on a mobile device. Save yourself the hassle and leave the antivirus applications for the computer.
Flashlight Applications
Almost every smartphone on the market has a built-in light on its device. These applications are obsolete and unnecessary, with many needing excessive permissions to download.
These permissions include contact lists, locations, and even secure settings. These apps are also filled with ads that can drain the battery with extended use.
Free Game Downloads
We’ve all downloaded a few games on our phones; it’s the seemingly perfect way to spend a lazy Saturday. But have you considered the permissions you’ve granted when you downloaded the game?
Most games found on Google Play Store contain invasive permissions, including camera, contact list, gallery, and more.
In 2017, hundreds of games were found to have software called Alphonso in their download. This software accessed the phone’s microphone and gave insight into the conversations and sounds around them.
We thought our phones were listening to us all this time—it may have been the downloaded games.