Other issues in this category (98)
Allow, agree, approve: How we let applications steal our data
Tuesday, March 15, 2022
Allow, but verify
As a rule, the more features a software program has, the more permissions it requires to work correctly. Usually we agree to all terms and conditions indiscriminately, not expecting dirty tricks. Ah well, some new game on a smartphone is asking for all kinds of access! Without looking, most users will press the “agree to everything” button, just to plunge into the virtual world as soon as possible.
However, this approach is accompanied by irreparable losses. When it comes to applications for mobile devices, it is not uncommon for fake games to appear in official catalogues like Google Play or AppGallery. For example, just recently this big story happened: a trojan was built into dozens of games that were downloaded by more than 9 million users. Android.Cynos.7.origin was integrated into apps primarily designed for children. It asked for permission to view the phone book, but, in reality, it stole not only the contacts but also the mobile phone number, device location information, technical specifications, meta data, and a heap of other important information. Read more about this incident in our recent news post.
Sadly, such stories regularly happen in the world of mobile gaming. Attackers penetrate even the games of well-known developers, but more often they use another poven scheme: they declare to the marketplace that an application is technically “clean” and safe and hide trojans in it after its release. For example, very often popular catalogues like Google Play unknowingly distribute malicious applications.
What data do the applications' authors get?
Often when a program is first launched, a notification (the end-user license agreement) pops up on the screen. Usually almost nobody reads it—users quickly scroll through it and confirm their agreement with the rules. But its text remains unknown. Perhaps by agreeing thoughtlessly, you allowed the software authors to freely distribute your confidential data.
The Anti-virus Times recommends
- Give applications only those permissions they need.
- Scan the applications installed on the smartphone or any other device that your child is using.
- Don't forget to update Dr.Web regularly and renew your license. Our products block all the ways used by threats to spread, even the most unexpected ones.
- Read our news posts about cybersecurity—what if malware has already infected your device, but for some reason you haven’t yet installed Dr.Web?
- Install programs only from official sources, but remember that attackers can get into those places as well.
- Be careful and use software only from developers you trust.