Cybersecurity analysts have discovered two file manager apps available on the Google Play Store that are actually spyware, putting the privacy and security of up to 1.5 million Android users at risk. So, if you have one of the best Android phones with these apps installed, delete them immediately.
The apps are File Recovery & Data Recovery and File Manager, according to a notice this week from Pradeo, a leading cybersecurity company. The apps, both from the same developer, are programmed to launch without any user input and silently send sensitive user data to servers based in China.
File Recovery & Data Recovery has been downloaded more than 1 million times and about 500,000 people have installed File Manager, according to screenshots of their respective Play Store pages shared in Pradeo’s report.
How your data can be at risk
According to Bleeping Computer, Google just recently banned the apps from the Play Store. The developer behind the two apps is listed as Wang Tom in the Play Store screenshots. So while you may find many apps named File Manager on the Play Store, only the one by developer Wang Tom has been found to be spyware.
The apps say they don’t collect data from the user’s device, but that turns out not to be the case. Pradeo’s behavioral analysis engine found that the apps collect the following data: contacts stored on your device, email and social network contacts, images, audio and video collected in the app, real-time user location, device make and model, mobile country code, network provider name and operating system version number. All of this happens without the apps ever asking permission to collect the information.
While apps may have a legitimate reason to collect some of the above data to optimize performance and ensure cross-device compatibility, most of it is not required for file management and data retrieval functions.
Even more alarming is the sheer volume of data being transferred. Each application runs more than a hundred transmissions, “an amount that is so large that it is rarely seen,” notes Pradeo.
How spyware hides in plain sight — and where to find it
The apps can also abuse permissions granted by the user during installation to reboot the device and launch silently in the background. And deleting them from your phone comes with its own problems. The apps hide their home screen icons to make uninstalling more difficult, as users have to go to their app list in the Settings menu to delete them.
So if you have either File Recovery & Data Recovery or File Manager installed and you don’t see them on your home screen, go to the Settings menu as soon as possible to get rid of them.
Again, the only app named File Recovery that Pradeo found to be spyware lists the developer as Wang Tom. Other File Recovery apps you may come across in the Play Store should be fine, but read on to learn more about how to better protect your device from these types of tactics.
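For analysts triaging a suspicious app, the behaviors described above (data access unrelated to file management, starting at boot, no home screen icon) can be checked against a decoded AndroidManifest.xml. The following is an added example, not code from Pradeo or the article; the permission list and the manifest (package `com.example.filetool`) are constructed assumptions, and icon hiding done at runtime will not show up in a manifest.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
NAME = ANDROID + "name"
# Assumption: permissions a file manager has little reason to hold.
UNRELATED = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.GET_ACCOUNTS": "accounts",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.RECORD_AUDIO": "microphone",
}
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
LAUNCHER = "android.intent.category.LAUNCHER"

def audit_manifest(xml_text):
    """Return a list of findings for a decoded AndroidManifest.xml string."""
    root = ET.fromstring(xml_text)
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    findings = [f"unrelated data access: {label}"
                for perm, label in UNRELATED.items() if perm in perms]
    # Starting at boot needs both the permission and a receiver for the broadcast.
    boot_receiver = any(a.get(NAME) == BOOT_ACTION
                        for r in root.iter("receiver") for a in r.iter("action"))
    if BOOT_PERM in perms and boot_receiver:
        findings.append("starts at boot without user action")
    # A home screen icon requires an enabled component in the LAUNCHER category.
    has_icon = any(c.get(NAME) == LAUNCHER
                   for tag in ("activity", "activity-alias")
                   for comp in root.iter(tag)
                   if comp.get(ANDROID + "enabled") != "false"
                   for c in comp.iter("category"))
    if not has_icon:
        findings.append("no enabled launcher entry (no home screen icon)")
    return findings

# Constructed sample manifest, not taken from either app in the report.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.filetool">
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <activity android:name=".Main"><intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter></activity>
    <receiver android:name=".Boot"><intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter></receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE):
        print(finding)
```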
How to stay safe from Android malware
Unfortunately, cybersecurity is like fighting a hydra. You chop off one head and 10 more pop up in its place. If you’re wondering how to best protect your phone from malicious apps on Android, consider equipping it with one of the best Android antivirus apps. Not only can they protect your device from spyware and malware, but they can also protect you from becoming a victim of identity theft.
Even legitimate or seemingly innocent Android apps can be hacked by bad actors. In April, a report found that malicious downloaders purchased on the dark web are enabling hackers to hide malware in legitimate apps to bypass Google’s defenses and end up in the Play Store. Also known as dropper apps, these programs often pose as legitimate software. However, once they clear the Play Store review process, they receive malicious updates from a hacker-controlled server. Their creators often wait until apps have a large user base before pushing out a malware-infested update to target as many users as possible.
Google rolled out several new updates to its Android ecosystem in June, including a handy little security feature that lets you see if your Gmail address has been exposed on the dark web.