Jump to content

Android App Caught Stealing User Photos and Videos


Petrovic

Recommended Posts

Google has removed an Android app from the Play Store after security researchers from Symantec noticed the application was secretly scanning and stealing personal photos and videos from users' devices.

 

The app is HTML Source Code Viewer, and it was developed by a developer named Sunuba Gaming. At the time Google removed it, the application had between 1,000 and 5,000 installs.

 

The app's moniker is self-explanatory, and it allowed users to view the source code of a Web page. Users only had to enter a URL, and the application retrieved that site's source code and printed it on the screen.

 

According to Symantec, the app did a little more than that. They say that HTML Source Code Viewer contained code that scanned the local "/DCIM/Camera" and "/DCIM/100LGDSC/" folders, the standard location on Android devices for storing images and videos.

 

The app then took all the data it found and uploaded it to an online server located in Azerbaijan, at proqnoz.info.

 

The app's latest update dates back to January 2015. Symantec says that it managed to access the server folder where all the data was uploaded, and it found images and videos dating back to March 2015.

 

"This personal media could be used for blackmailing, ransomware attacks, identity theft, pornography, and other forms of victimization," Symantec's Shaun Aimoto explains.

Article source

Link to comment
Share on other sites


  • Replies 3
  • Views 632
  • Created
  • Last Reply

A phone is not a computer.  All these 3d party apps are just an invitation to hack your phone data.  Browsers on your computer allow you to view page source without an additional app.  I don't know if they will on a phone or not but then I don't use my phone to do the job of a computer and I don't install a bunch of 3d party apps.  Where do you draw the line between something useful and something that is a potential security lapse?  Sicherheit über alles!  Sometimes people carry this connectivity thing to far.  I set my phone to automatically shut off all connections at 8 p.m. and turn them on at 8 a.m.  It's a portable phone for my benefit and no one else's and if you want to talk work outside of work hours you better pay  me more otherwise you wait.

Link to comment
Share on other sites


Google let devs to do it. Why not? Half of apps on playstore do illegal stuff. Firewall supposed to be integrated since android first versions. Handling software access also had to be done from the very beginning, ironically they've implemented something close to it on the latest android version. All android users are vulnerable to stealing private info, stalking; who uses older versions of Android, also those who give access without considering why that app requires weird permissions.

Link to comment
Share on other sites


SnakeMasteR

There are probably too many apps that need more permission than really required but does it really matter what kind of device it is that has access to the internet? It can only be stolen what you store on your device and the more (personal) data you have, the higher the (privacy) damage in case it gets sucked into the www for whatever reason.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...