Security News > 2023 > July > Apps with 1.5M installs on Google Play send your data to China
Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what's needed to offer the promised functionality.
The apps, both from the same publisher, can launch without any interaction from the user to steal sensitive data and send it to servers in China.
Despite being reported to Google, the two apps continue to be available in Google Play at the time of publishing.
The two apps were discovered by the behavioral analysis engine from mobile security solutions company Pradeo and their description states that they do not collect any user data from the device on the Data Safety section of their Google Play entry.
While the apps might have a legitimate reason to collect some of the above to ensure good performance and compatibility, much of the collected data is not necessary for file management or data recovery functions.
Roid apps with spyware installed 421 million times from Google Play.
News URL
Related news
- Fake Trading Apps Target Victims Globally via Apple App Store and Google Play (source)
- ‘Pig butchering’ trading apps found on Google Play, App Store (source)
- Over 200 malicious apps on Google Play downloaded millions of times (source)
- Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites (source)