The regularity with which we have to write the kind of story that follows is unfortunate, but the fact of the matter is that it’s time to alert you once again to the presence of a batch of sketchy and possibly even dangerous apps found on the Google Play Store. It includes 24 apps covering everything from weather to calendar and camera functionality, some of which are malware-laden and request all sorts of potentially nefarious permissions, all of which Google has booted off the Play Store — but not before they racked up some 382 million downloads.
Details about these apps comes from a report via VPNpro, which notes that “Our research has uncovered that they’re … asking for a huge amount of dangerous permissions, potentially putting users’ private data at risk. These dangerous permissions include the ability to make calls, take pictures and record video, record audio, and much more.”
The report’s bottom line is that the apps in question come via a Chinese company that VPNpro says has a history of malware, rogueware and unethical practices. And that these apps also ask for a large amount of unnecessary and dangerous permissions. One of the company’s apps, the report goes on to note, is called Weather Forecast and was apparently “caught collecting user data and sending it to a server in China.” Another of the apps in this batch of 24, called Candy Selfie Camera, reportedly requested the following app permission names:
- Access coarse location (A permission that lets apps gather a user’s general location via Wi-Fi and/or mobile cell data)
- Access fine location (Even more worrying than the one above. Most apps don’t need this, and it’s a permission that gives more exact data about your location)
- Camera
- Get accounts
- Read external storage
- Read logs
- Read phone state
- Write external storage
Another app, Sound Recorder, wanted access to the phone’s camera. We’ll name all the apps below in just a moment, but what’s also interesting is the Russian Doll-type company structure the VPNpro report found behind these apps, which the report traces to a Chinese company called Shenzhen HAWK. It’s connected to a number of different app developers, the implication being that not having all the apps come from the same identifiable source might make it harder for all the sketchy apps to be spotted.
Back in 2017, the government of India told its military services to get a number of Chinese apps off of its phones. One of them was Virus Cleaner 2019 — an app which is on this new list below.
Shenzhen HAWK is a subsidiary of a major Chinese electronics giant, the partly state-owned TCL Corporation. The 24 apps the report warns everyone to get rid of are the following:
- Sound Recorder
- Super Cleaner
- Virus Cleaner 2019
- File Manager
- Joy Launcher
- Turbo Browser
- Weather Forecast
- Candy Selfie Camera
- Hi VPN, Free VPN
- Candy Gallery
- Calendar Lite
- Super Battery
- Hi Security 2019
- Net Master
- Puzzle Box
- Private Browser
- Hi VPN Pro
- World Zoo
- Word Crossy!
- Soccer Pinball
- Dig it
- Laser Break
- Music Roam
- Word Crush
