Cybersecurity analysts uncovered two file management apps available on the Google Play Store that are actually spyware, putting the privacy and security of up to 1.5 million Android users at risk. So if you have one of the best Android phones with these apps installed, delete them right away.
The fishy apps are File Recovery & Data Recovery and File Manager, according to an alert this week from Pradeo, a leading mobile cybersecurity company. The apps, both from the same developer, are programmed to launch without any input from the user and quietly send sensitive user data to servers based in China.
File Recovery & Data Recovery was downloaded more than 1 million times, and roughly 500,000 people installed File Manager, according to screenshots of their respective Play Store pages shared in Pradeo's report.
How your data may be at risk
Per Bleeping Computer, Google only recently kicked the apps off the Play Store. The developer behind both apps is listed as Wang Tom in the Play Store screenshots. So while you may find several apps named File Manager in the Play Store, only the one with the developer Wang Tom has been found to be spyware.
The apps say they don't collect any data from the user's device, but it turns out this wasn't the case. Pradeo's behavioral analysis engine found the apps exfiltrate the following data: contacts saved in your device; email and social network contacts; pictures, audio and video compiled in the app; real-time user location; device brand and model; mobile country code; network provider name; and operating system version number. All without ever requesting permission to collect this information.
While the apps may have a legitimate reason to collect some of the data above to optimize performance and ensure compatibility across devices, most of it is not required for file management and data recovery operations.
Even more alarming is the sheer amount of data being transferred while the user's none the wiser. Each app performs more than a hundred transmissions, "an amount that is so large it is rarely observed," Pradeo notes.
How the spyware hides in plain sight — and where to find it
The apps can also abuse the permissions the user approves during installation to restart the device and quietly launch in the background. And deleting them off your phone comes with its own hoops. The apps conceal their home screen icons to make uninstallation more of a hassle, as users have to go to their application list in the Settings menu to delete them.
So if you have either File Recovery & Data Recovery or File Manager installed and you don't see them on your home screen, head to your Settings menu ASAP to get rid of them.
Again, the only app named File Recovery that Pradeo found to be spyware lists the developer as Wang Tom. Other apps titled File Recovery that you may come across in the Play Store should be fine, but read on to learn more about how to best protect your device from these kinds of tactics moving forward.
How to stay safe from Android malware
Unfortunately, cybersecurity is like fighting a hydra. You cut off one head, and 10 more pop up in its place. If you're wondering how to best keep your phone protected from malicious apps on Android, consider equipping it with one of the best Android antivirus apps. Not only can they shield your handheld from spyware and malware, but they can also keep you safe from becoming a victim of identity theft.
Even legitimate or seemingly innocent-looking Android apps can become compromised by bad actors. In April, a report found malicious loader programs bought on the dark web are enabling hackers to hide malware in legitimate apps to get around Google's defenses and end up on the Play Store. Also known as dropper apps, these programs often present themselves as legitimate software. But once they've cleared the Play Store's review process, they then receive malicious updates from a hacker-controlled server. Their creators often wait until the apps have a large user base before pushing a malware-infected update out to target the most users as possible.
Google rolled out several new updates to its Android ecosystem in June, including a handy little security feature that lets you see if your Gmail address has been exposed on the dark web.
