Android Privacy Vault Apps steal Data and Photos

Security researchers from CyberNews warn about the use of Android Privacy Vault apps from the Google Play Store, which promise to protect private data. But an analysis has shown that 30 so-called Privacy Vault apps misuse the entrusted data and, in the worst case, infect the devices with adware or malware.



‘Turning the goat into a gardener’ crossed my mind when I received a report from CyberNews security researchers these days. Actually, more and more users are developing an awareness of privacy. A few days ago I came across this article. The statement: Half of Americans have decided against using a product or service for privacy reasons.

Obviously more and more people want to keep their most sensitive private pictures, videos, passwords and messages safe from hackers. Privacy Vault apps are booming and many people are downloading free Android apps from the Google Play Store for this purpose. 

Privacy Vault Apps: Wolf in sheep’s clothing

Security researchers from CyberNews have been looking at popular privacy vault apps from the Google Play Store and have come up with shocking results.

The principle of the privacy vault

With a Privacy Vault app, users store all their sensitive data in a secret, password-protected (or even encrypted) folder on the Android device. This way, even if third parties get access to a smartphone or tablet, they can’t, or can only with difficulty, access the protected sensitive data.

The problem: As a user, I first have to trust that the app's developer knows his job and that the app contains no bugs that leave the data accessible after all or cause it to be lost. And I have to be sure that the developer of the app does not misuse the data, because the developer also has access to all sensitive data in the Privacy Vault app!



30 Privacy Vault Apps analyzed

Security researchers from CyberNews have examined 30 Privacy Vault apps from the Google Play Store, and published their findings in a report here. Some of these apps spy on users and sell sensitive data to advertisers. And there are apps that even infect smartphones with adware or malware when they are installed.

  • The security researchers mention the app Vault – Hide Pics & Videos, which has been downloaded and installed many millions of times. The app promises to protect private photos and videos on the smartphone, offers cloud backup, etc. However, according to CyberNews, the app is identified as malware or spyware. But instead of removing the app from the Google Play Store, the developer (which operates as Wafer Co, but is cxzh.ltd and is based in Hong Kong) simply renamed it by changing a single word and still offers the app and 19 other apps to unsuspecting users.
  • Then there is Security Master – an all-in-one privacy, anti-virus and VPN app with 500 million installations. It was found that the developer Cheetah Mobile “collects all kinds of private web usage data” and has also committed ad fraud. The app Security Master was removed from the Play Store on March 3, 2020.
  • The security researchers also name Video Hider – Privacy Lock, a privacy app that apparently does not request or require permission to use the camera. When opening the camera app, this privacy app takes a picture of the user if he or she enters a wrong PIN.

They have tested 30 apps that are still available in the Google Play Store, with terrible findings. Here’s a brief summary:

  • 18 of the top 30 apps are offered by developers from China or Hong Kong
  • One app can create selfies of the user without the user’s consent.
  • One app developer is accused of ad fraud and since he was banned, half a billion app installations had to be deleted from devices.
  • Two of the top 10 app developers in the industry, with a total of more than 60 million downloads, use identified malware to spread infected apps.
  • Another app from a Vietnamese developer also spreads malware (banking trojans).

[Image: Toho Soft malware list]

  • The apps consistently request up to 14 critical (average 4) permissions, most of which are unnecessary for the app to work.
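The permission finding above can be checked for any single app before it is installed. The following Python sketch is an added example, not code from CyberNews or from this blog: it parses the text printed by `aapt dump permissions <apk>` and lists the requested permissions that Android classifies as "dangerous". The package name, the sample output and the assumption that a local file vault only needs storage access are constructed for illustration, and Android's "dangerous" class is used here as a stand-in for what the report calls "critical".

```python
import re

# Subset of Android permissions with the "dangerous" protection level.
DANGEROUS = {
    "CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS",
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "READ_PHONE_STATE",
    "CALL_PHONE", "READ_CALL_LOG", "WRITE_CALL_LOG", "SEND_SMS", "RECEIVE_SMS",
    "READ_SMS", "READ_CALENDAR", "WRITE_CALENDAR", "BODY_SENSORS",
    "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE",
}
# Assumption for this example: a local file vault only needs storage access.
VAULT_BASELINE = {"READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"}

# aapt prints either name='android.permission.X' or a bare android.permission.X
PERM_RE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?android\.permission\.([A-Z_]+)")
PKG_RE = re.compile(r"^package:\s*(?:name=')?([\w.]+)")

def audit(aapt_output):
    """Summarise the android.permission.* entries requested by one APK."""
    package, requested = None, set()
    for line in aapt_output.splitlines():
        line = line.strip()
        pkg = PKG_RE.match(line)
        if pkg:
            package = pkg.group(1)
            continue
        perm = PERM_RE.match(line)
        if perm:
            requested.add(perm.group(1))
    dangerous = requested & DANGEROUS
    return {
        "package": package,
        "requested": len(requested),
        "dangerous": sorted(dangerous),
        # Dangerous permissions that the vault baseline does not explain.
        "unexplained": sorted(dangerous - VAULT_BASELINE),
    }

# Constructed sample output for a hypothetical vault app.
SAMPLE = """\
package: com.example.vault
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: android.permission.READ_PHONE_STATE
uses-permission: name='com.android.vending.BILLING'
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A manifest check only shows what an app declares; it says nothing about what the app does with the data it is given.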

The security researchers recommend that such apps be uninstalled immediately and advise you to think twice before installing such free stuff on your smartphone. Further details on the findings of the security researchers and a list of the apps affected can be found in this CyberNews article.

