Advertising SDK Found in Over 500 Android Apps Was Stealing Your Data
Android apps are fun to use, but they are also extremely unreliable; especially when you have companies installing stealth SDKs to steal your personal information. An advertising SDK developed by Chinese firm Igexin did exactly what you were afraid of – it steals information from your phone and sends it to the servers of a Chinese company. It affected over 500 apps on the PlayStore.
How Does it Steal Data?
Notice when you install an app, you’re asked for access information? When you allow an app to access all information, you’re also basically allowing it to use that information when needed. This is why you should be very careful when installing apps and try to understand why would a picture editing app, for example, want your access to your call log or why would a game app want access to your gallery. This SDK performs on exactly the same mechanics – you allow the apps permission to access your information and immediately after that a malware is downloaded and the device begins to send information back to the server.
How Did Researchers Find Out?
A research team from the Lookout Security Intelligence discovered the SDK when they noticed malware samples were being downloaded to new and clean phones. On further investigation, they discovered that the SDK affected over 500 popular apps with an average of a 100 million downloads across the Android ecosystem. According to the Lookout team, the apps containing the SDK were games, weather apps, internet radio, photo editors, educational, health and fitness, travel and home video camera apps – these are the most popular app categories in the PlayStore.
In the event of this discovery, Google had to remove all the affected apps from the PlayStore. Some were updated and replaced with newer versions and their invasive features removed.
How to Stay Protected from Mobile App Malware?
As much tempting, it is to install different apps and test them out on your beloved phone, avoid doing so. Apps from unknown developers, apps with no official presence of developers and apps with fake reviews are suspicious and should not be installed. Mobile malware, especially on Android, is on the rise especially since Android is the main OS used in millions of smartphones worldwide. Blackberry, Nokia, Motorola, HTC, whatever your smartphone brand, it runs the Android system. This makes it the most vulnerable platform since the system is being accessed by billions of people worldwide. Cyber criminals have doubled their effort to extract valuable information from Android users and what’s the best way they have to do that? Use Android apps because there is no additional coding required to bind Android apps with malicious programs.
If you want to protect your data from cyber criminals, practice these essential safety protocols:
Download Only from Official Store
Do not download apps from any other platform other than the official PlayStore. Agreed, the store can have apps with malware like this incident, but the good thing is culprits get caught, apps get removed and you can get the support you need.
Read Reviews and Do Not Download Suspicious Apps
Reviews are your best friend. Again, there could be tons of fake reviews, but if you’re a modern age tech user you’d probably know by now which of them are fake and which are real. Reviews that simply say, ‘love it!’ probably aren’t to be trusted.
Download from Verified Developers
There are some developers with a check mark on their profile. Try downloading apps from them. Or better yet, before you download the app, check the developer’s profile. Are they creating legit apps? What are the updates they provided to the app?
Do Not Neglect Software Updates
If there’s a legit software update, get it. These updates protect your device from bugs and provide security enhancements to make your mobile more secure.
Get an Antivirus App
Use only legit anti-virus apps like Symantec, Bitdefender or Lookout. And avoid at all costs those RAM cleaners and Storage Cleaners because Android systems now come with their own default Storage and RAM cleaner apps.
As an end user, you can’t always prevent malicious activities, but you can play your part in keeping your mobile safe as much as you can.