The two things I see before downloading an App from Google’s Play Store were the number of downloads and the first 10 reviews. If an app has over 1 million downloads chances are that it’s a good app and it is legit but it seems that you can’t trust anyone these days. Even the most proper of apps can have something shady going on behind the scenes. Sadly, Play Store has so many apps that Google can’t vet all of them.
Google has been doing all it can to keep malware and malicious applications off of Play Store but they can only do so much when there are hundreds of thousands of apps to go through. However, this security researcher has you covered apparently. Dr. Web Anti-Virus and their analysts have listed down 10 apps that have over a million downloads but still steal your information.
The ten apps were found to have different variations of a trojan horse program that stole the user’s Facebook login information. They scrape the phone for your login credentials. The apps that they found out are:
- PIP Photo by developer Lillians — 5,000,000+ downloads
- Processing Photo by developer chikumburahamilton — 500,000+ downloads
- Rubbish Cleaner by developer SNT.rbcl — 100,000+ downloads
- Horoscope Daily by developer HscopeDaily momo — 100,000+ downloads
- Inwell Fitness by developer Reuben Germaine — 100,000+ downloads
- App Lock Keep by developer Sheralaw Rence — 50,000+ downloads
- Lockit Master by developer Enali mchicolo — 5000+ downloads
- Horoscope Pi by developer Talleyr Shauna — 1000+ downloads
- App Lock Manager by developer Implummet col — 10+ downloads
The first one is the most shocking. You’d think that an app with over 5 million downloads would not need to sell your information on the side but alas! some developers have no respect for your privacy. Google was alerted about these apps by the researchers and as of yesterday, the apps and the developers have been removed from the Play Store. However, the number of downloads do them that over 6 million people have had their Facebook login credentials exposed.
The most alarming aspect of all of this was that all of the apps were fully functional and were capable of doing all the things they were advertised to do so. This means that you can’t even trust good apps anymore. Anyone could be using your information to make money right now. One way to keep yourself safe is to look at the permission an app requires before installing it.
If you see a permission that isn’t supposed to be there, depending on the nature of the app, then my recommendation would be to just steer clear. Especially someone like myself who uses might possibly use the same password for everything.