Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what’s needed to offer the promised functionality.
The apps, both from the same publisher, can launch without any interaction from the user to steal sensitive data and send it to servers in China.
Despite being reported to Google, the two apps continue to be available in Google Play at the time of publishing.
File Recovery and Data Recovery, identified as “com.spot.music.filedate” on devices, has at least 1 million installs.
The install count for File Manager reads at least 500,000 and it can be identified on devices as  “com.file.box.master.gkd.”
The two apps were discovered by the behavioral analysis engine from mobile security solutions company Pradeo and their description states that they do not collect any user data from the device on the Data Safety section of their Google Play entry
However, Pradeo found that the mobile apps exfiltrate the following data from the device:
Full Link ( Here )
© CopyRights RawNews1st
