Chinese Android spyware apps impact up to 1.5M users

Up to 1.5 million Android users have been impacted by two spyware apps impersonating file management tools named "File Recovery and Data Recovery" and "File Manager" in the Google Play store that send exfiltrated data to China-based servers, reports The Hacker News. Both apps, which were from the same developer, facilitated the collection of personal information, including contact lists, real-time location, media files, SIM provider network code, mobile country code, and device brand and model, as well as operating system versions, without user consent, a report from Pradeo revealed. Data collected by the apps were then delivered through more than 100 transmissions to numerous servers in China. "These apps have been removed from Google Play. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources outside of Play," said a Google spokesperson in a July 10 statement. Artificial boosting of app downloads has been implemented by attackers to establish both apps' legitimacy, while advanced permissions have been integrated into the apps in an effort to make uninstallations more challenging, according to researchers, who recommended users to be wary of app ratings and permissions.