Privacy Defense Battle from Google Play Apps

Background_Privacy

Author: Tianfang Guo, Jinjian Zhai

According to our recent scan of the Google Play Store, a list of more than 400 apps have been detected as containing potentially risky behaviors that compromise a user’s privacy. The Trustlook Mobile Security & Antivirus security database includes this latest list for your protection. The detailed analysis can be found in a separate blog to be released. The full list of apps can be found here.

What will happen if I install one of these apps?

All these apps contain risky behavior:sending sensitive information, including phone numbers, contacts, SMS, photo gallery and geolocation, without the user’s specific knowledge. Once the apps’ vendors have collected this data, it could be used for adware network identification or sold to other firms.[1]

Are they malware?

Not exactly, as most of them are not built for malicious purposes, per se. Yet they do use Google Play’s policy corner case (GP developer policy). Furthermore, some of the apps have a user base of more than 10M, which creates a privacy risk greater than most viruses.

What can you do to protect your phone?

When you open one of the apps in the list, you should be aware that some of your personal information can be collected. Try to find an alternative app or do not open them unless it’s absolute necessary.

How does Trustlook discover them?

Trustlook built a cloud-based crawler system which efficiently mines data and collects APKs from various app markets in multiple countries. Once collected, apps are analyzed by behavioral analysis engine to expose the questionable behavior.

Unlike most Antivirus software, Trustlook does not only simply analyze the apps statically, but runs them in a native environment to best monitor dynamic behavior A detailed analysis is generated with highlighted behavior and potential use case security risks.

In this sample, the contact list is captured by the app, and sent to a remote server:

Screen Shot 2015-04-22 at 5.20.59 PM

What’s more, Trustlook’s analytics platform has implemented a cutting edge “taint analysis”, which captures all sensitive data flow in the memory, and detect the risky behaviors as soon as the sensitive data appears in the outbound traffic. Such techniques can detect any new malware and 0-day attacks ASAP, protecting Trustlooks users privacy in a timely manner.

The next risky apps report will be released soon, so stay tuned!

Reference
[1] https://www.fireeye.com/blog/threat-research/2014/03/a-little-bird-told-me-personal-information-sharing-in-angry-birds-and-its-ad-libraries.html

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s