In another episode of the battle against malicious app developers, Google has removed a total of 29 applications from its Play Store for Android devices. The apps allegedly harvested email addresses along with phone numbers and uploaded them to command servers. With the help of Symantec, they discovered that the apps, which were intended for the Japanese market, share common code, and consequently they believe that one group is behind all 29 of the apps. The first of the apps appeared in early February and was followed by a series of apps that seemed random.
The apps ranged from contact management to diet assistants. The February group of apps was not popular and therefore did not receive many downloads. The series of apps that came in March, all of which had titles of games ending with ‘The Movie’ and were purportedly designed to mimic popular games in Japan and show a video to downloaders, was much more popular and received between 70,000 and 300,000 downloads. Once the app is installed, it connects to the internet to download the related video file, but at the same time it uploads all the contact information on the device, which includes names, phone numbers and email addresses.
Considering that an average smartphone contains between 50 and 75 contacts, potentially over 2 million contact details were harvested and presumably sold to spammers or for identity theft. Joji Hamada of Symantec said, “The Tokyo Metropolitan Police Department has begun investigating this incident and is attempting to track down the developers.” Now that the police are on the case, all we can hope for is that the malicious app developers are caught. For your own peace of mind, remain vigilant and question even the smallest discrepancy before downloading an app from anywhere.