This may not affect you but you might want to check if you’re using an Android file management app by “tom wang.” Between two such utilities, there are 1.5 million known installs. The apps are still listed on the Google Play store:
Apps with 1.5M installs on Google Play send your data to China
One app is just called “File Manager” while the other one is “File Recovery and Data Recovery.” On the Google Play store, according to the article, the app requires no permissions related to data. Under the hood, here’s what it actually sends back to its masters:
- Users’ contact list from on-device memory, connected email accounts, and social networks.
- Pictures, audio, and video that are managed or recovered from within the applications.
- Real-time user location
- Mobile country code
- Network provider name
- Network code of the SIM provider
- Operating system version number
- Device brand and model
This covers quite a bit, especially the images and video part. Needless to say, people keep things on their phones they wouldn’t want anyone to know about, and this app exposes that information to the Chinese app maker.
I’ll leave you this week with a quote from the article:
“It is likely that the publisher used emulators or install farms to bloat popularity and make their products appear more trustworthy, Pradeo speculates.
“This theory is supported by the fact that the number of user reviews on the Play store is way too small compared to the reported userbase.
“It is always recommended to check user reviews before installing an app, pay attention to the requested permissions during app installation, and only trust software published by reputable developers.”
Have a great week!
Image credits are “Android Firewall” by Uncalno is licensed under CC BY 2.0.