Revelations about apps from the Google Play Store sneaking past available protections and collecting gobs of user data without permission are nothing new, but a new investigation has revealed an especially troubling pattern of behavior among one particular set of apps.
A BuzzFeed analysis recently found that several Android apps that happen to be among the most-downloaded on the Google Play Store may in fact have been sharing data they collect. One of the apps in question, a selfie app, has been downloaded more than 50 million times and all of them have reportedly been “committing large-scale ad fraud and abusing user permissions,” according to the report.
Some of the apps in question include:
- Total Cleaner
- Smart Cooler
- Selfie Camera
- WaWaYaYa
- AIO Flashlight
- Samsung TV Remote Control
The main problem here seems to stem from developers exploiting the Google Play Store’s rules and procedures to hide who they are and to offer up apps that aggressively abuse user permissions and commit ad fraud. Among the collection of apps Buzzfeed found that fit this bill are the TV remote app that says it “might” use the microphone in your phone to record sounds while you watch TV, a Chinese-language app for kids that sends personal data to servers in China, and a flashlight app that you’d think would be pretty basic but nevertheless asks for dozens of sketchy permissions.
A Lifehacker followup to BuzzFeed’s investigation notes the apps in question have been downloaded close to a combined 100 million times, thanks in part to the developers hiding their country of origin and who owns the app. One of the things that should have been a giveaway with apps like these, though, is that they asked users for permission to use everything from a user’s location data to their phone sensors as well as personal contact information.
Consider one of the apps we mentioned above. As BuzzFeed notes, the Selfie Camera app had been downloaded more than 50 million times from the Google Play store, and it also maintained a 4.5-star rating after thousands of reviews. In 2017, the report continues, Google highlighted it as one of the most popular new apps in the UK — all of which, you’d think, would seem to give it a stamp of approval.
The app, however, was found to have code that fraudulently clicks on ads without the user realizing it, something that gobbles up data and drains the phone battery (Google banned the app, and several others, after BuzzFeed’s report was published).
To keep yourself safe, Lifehacker offers the reminder to be on the lookout for apps that include a high number of permissions, and especially permissions that seem weird for the app to have in the first place. The AIO Flashlight app we mentioned above, for example, asked for almost three dozen permissions, when a simple flashlight app would only need probably a fraction of that number to operate.