A recent Buzzfeed article points out that several popular Android apps available on the Google Play Store have been collecting and storing sensitive user data without encryption or permission.
This particular instance is more alarming than previous ones: not only are some of the most-downloaded apps on the Google Play Store implicated in the report, but they also happen to be developed by Chinese companies that may be sharing collected data with the Chinese government.
Which apps to delete right away
These are the apps that have been implicated in Buzzfeed’s investigation. If you have any of these installed on your phone, delete them now:
- Selfie Camera
- Total Cleaner
- Smart Cooler
- RAM Master
- AIO Flashlight
- Omni Cleaner
- Emoji Flashlight
- Samsung TV Remote Control (via Peel Technologies, Inc.)
How to avoid apps like these
Don’t feel bad if yours were among the nearly 100 million combined downloads for these apps. The developers obfuscated otherwise damning information, such as country of origin and the company that owns the app, that would normally raise red flags.
However, as Buzzfeed’s investigation points out, each app asked for way too many app permissions, including “dangerous” permissions such as location data, access to phone sensors or personal contact information. This is an indicator of a suspicious app.
Large corporations collecting our data and resetting passwords after every major data breach can feel like an inevitability we just have to accept in 2019. But there are ways to protect your data and privacy.
Google blacklisted six of the above apps — Selfie Camera, Total Cleaner, Smart Cooler, RAM Master, AIO Flashlight and Omni Cleaner — in response to Buzzfeed’s reporting, and updated how it will evaluate permissions and developer accounts going forward, but even so, it seems to be far too easy for malicious developers to dupe the Google Play Store.
Here are our recommendations for staying smart about your app downloads:
- Use a trusted mobile anti-virus app to scan apps and files before you install them.
- Don’t download apps with overwhelmingly poor reviews.
- Furthermore, pay attention to what the reviews are actually saying; companies can inflate their ratings with fake reviews to drown out the negative ones. If you see any reviews calling out shady behaviour, false advertising and so on, steer clear.
- Look out for apps with a high number of permissions, or permissions that don’t make sense for the app. For example, the AIO Flashlight app asked for 31 total permissions. No legit flashlight app requires anywhere near that many in order to run.
- Review an app or app developer’s security policy. This can often be found with a quick web search if none is openly provided. If the policy seems flimsy, is hosted from a dubious location (such as Selfie Camera’s random Tumblr page), or if there doesn’t seem to be a security policy, period, skip the download.
- In general, do not download apps from devs you don’t recognise. If you do, search the app online and seek out professional reviews and user feedback from tech sites and forums.
- Be extremely cautious when downloading APK files from unofficial sources.
It’s the perfect example of why any third-party apps from developers you don’t already trust need to be scrutinised.
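The permissions check recommended in the list above can be scripted. This is an added example, not code from the article or from Buzzfeed's reporting. It assumes the permission list comes from `aapt dump permissions <apk>` output; the sample dump is constructed, and the `expected` allowlist and `max_total` threshold are hypothetical values a reviewer would choose.

```python
import re

PREFIX = "android.permission."
# Subset of permissions Android marks "dangerous" (runtime-granted), covering
# the groups the article names: location, sensors and personal/contact data.
DANGEROUS = {
    "ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION", "BODY_SENSORS",
    "READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS", "CAMERA",
    "RECORD_AUDIO", "READ_PHONE_STATE", "READ_CALL_LOG", "READ_SMS",
    "SEND_SMS", "READ_CALENDAR", "READ_EXTERNAL_STORAGE",
    "WRITE_EXTERNAL_STORAGE",
}

# Accepts `uses-permission: name='X'` and the older `uses-permission: X`.
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

# Constructed sample: permission dump for a made-up flashlight app.
SAMPLE_DUMP = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.FLASHLIGHT'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.RECORD_AUDIO'
"""

def parse_permissions(dump):
    """Return the de-duplicated permission names in an aapt-style dump."""
    names = []
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m and m.group(1) not in names:
            names.append(m.group(1))
    return names

def audit(dump, expected, max_total=10):
    """Flag dangerous permissions outside `expected` (reviewer-supplied short
    names the app's purpose justifies) or a total above `max_total`
    (an arbitrary threshold chosen for this example)."""
    perms = parse_permissions(dump)
    short = {p[len(PREFIX):] for p in perms if p.startswith(PREFIX)}
    unexpected = sorted((short & DANGEROUS) - set(expected))
    return {"total": len(perms), "unexpected_dangerous": unexpected,
            "suspicious": bool(unexpected) or len(perms) > max_total}

if __name__ == "__main__":
    print(audit(SAMPLE_DUMP, expected={"CAMERA"}))
```

The result lists each dangerous permission the app's stated purpose does not explain, which is the signal the article describes for the flashlight apps.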