Google removed one of the most popular apps in its store after it was discovered that the app secretly collects personal and sensitive information stored on the phone without the user's permission
The Flash Keyboard app has more than 50 million downloads in the store Google, And was ranked 11 in the most popular application chart. The name of the app strongly suggests its purpose - the app is a replacement for the standard Android keyboard. The application developed a company that answers the name DotC United.
An investigation by a UK security company named Pentest has found that the application violates Google 's policy Google By presenting misleading activity. It was found that the app requests more permissions on the device than it is required to, including a request for administrator permission in order to make its removal more difficult. Thus it has the ability to "snatch" the user's screen to show him advertisements as well as collect personal details and pass them on to a third party without the user's approval.
The app also requires access to the phone's Bluetooth connection, its geographic location based on chip God-GPS And status Wi-Fi - Features that are definitely weird that a keyboard app requires. In addition, the application requests access to close processes in the background of the device, access to read text messages and a request to remove notifications about downloads.
It was discovered that all the information the app collects on the user without his permission is sent to remote servers in the United States, Holland and China. Some of the information collected included details such as the device manufacturer, model number of the device, version Android, Email Address, SSID, IMEI, Cellular Network, CoordinatesGPS Device and more.
"Google's store is becoming a preferred platform for cybercriminals," says Gil Neulander, CEO of ESET Israel. "There are a number of things to keep in mind when downloading an app, even in Google's official store. Unlike Apple, the apps that are uploaded to this store do not go through any approval or filtering process. Before you install an app check if it has received a good rating, if the developers have Apps More, what their site looks like, what other surfers have written who have already installed the app and it is also very important to pay attention to what permissions the app asks for. "Just as a keyboard app should not ask for so many permissions.
As part of the process of purchasing or installing the application on devices Android, You are asked to read and confirm the permissions the app requests - do not skip this step. Apps For spreading spam or other Android scams will try to gain access to a large amount of sensitive information, such as your SMS messages, your network traffic, etc. If the application you want to install requests access to sensitive information or options such as 'Make calls' and all in all it is a screensaver, editor תמונות Or an alarm clock - do not install it, it is most likely an application with malicious intent.