It seems that millions of users have free Android apps on their mobile phones that can pry into their data. This free Android apps funded by advertising are very popular, but a software with serious vulnerabilities. Actually want through this software ads appear, but she can be also as Trojan horse abuse – warn the U.S. security company FireEye researchers anyway.
The researchers took all free Android apps in the Google play store under the microscope for their investigation, which have been downloaded more than a million times – the risky software package was involved in nearly two percent of free Android apps. The apps have been downloaded more than 200 million times. The researchers assume that the developer of the free Android apps probably did not know how much the libraries included in the free Android apps can harm the users, because it transmits data, what can be easily exploited by third parties. The researchers – say how this software is called and what free Android apps is, probably, so that Cyperkriminelle do not know what free Android apps can use them for their projects.
According to the researchers, the software of free Android apps on all private information on mobile phones can access and copy messages SMS, contacts, and also the call lists to statement of the management server and send. So, for example, the Smartphone user’s email address and a list of all programs installed on your Smartphone are transferred by default. To think also that the program library of free Android apps can always reload a new code from the control server and run without any restrictions on the phone.
That this can lead to huge security gaps on the Smartphone, is clear – new possibilities are given by this free Android apps criminals, to scout out data. According to FireEye, the info will be unencrypted by the library. New software is loaded without backup – for professionals it can be pretty easy this, accessing through the poorly secured software of the free Android apps on your Smartphone to copy contacts or to call fake Web pages, without noticing the user.
Google and the company that is responsible for the software library of free Android apps, were informed of FireEye, allegedly is working now on a hedge.