Tuesday, August 7, 2012

Olympics Android app steals text messages, browsing history

Any major event now brings fake mobile applications to go with it. Security researchers at Webroot found an Olympics application that says it will keep you up to date on scores, but really keeps your data.

The Android app called "London Olympics Widget" pretends to deliver Olympics games results to the downloader, but instead grabs the user's contact information, GPS location, Internet browsing history, and the phone's unique identifying number. Perhaps scariest of all, it reads all the SMS messages sent and received on the phone as well.

"There is some confusion on this being a Trojan, this is in fact a Potentially Unwanted Application that contains aggressive add-on SDK's," said Armando Orozco, threat research analyst at Webroot in an e-mail to VentureBeat. "They are typically advertising add-ons that are capable of displaying advertisements in the notification bar, collecting personal data, creating ad related bookmarks and home screen shortcuts."

Advertising is growing to be a big issue, as many users start to fear advertisers more than "the bad guys," or government surveillance. Indeed, at the Black Hat conference in Las Vegas, a crowd was asked which they were most afraid of, Google or the government, and a resounding number of people chose Google.

The app was found on a third party app marketplace, not Google Play.

Between iOS and Android, the latter is much more insecure than the former. Android is much more open than iOS. Phones running Android can download from a number of different sources, whereas iPhones and iPads can only download apps from the Apple App Store, which looks at every single app and makes sure it follows a certain guideline before it goes live.

Apple's iOS isn't perfect, however. Apple's force-field of a sandboxing system didn't keep out one "Trojan" app, which was removed in early July. The app, named "Find and Call," said it was a way to organize contacts, but harvested contacts in the background. On top of that, the app sent spam messages to those contacts, pretending to be the phone-owner, with messages inviting them to download the app. After being kicked out of the App Store in early July, the developers said the Trojan-like features stemmed from a bug in its system, which was being corrected.

Webroot suggests those looking for an Olympics app stick to the official ones, such as the London 2012 Olympics results app, as well as the BBC app and the NBC app. The company also says you should "rethink access." If an app wants access to your contacts or location, you might want to say no.

We've reached out to Google for comment and will update upon hearing back.


Source: http://feedproxy.google.com/~r/Venturebeat/~3/_hlCY-IuLhA/
