Google has taken several security measures to keep malicious apps from appearing in its Play Store, but there's a lot of work to be done. After a series of incidents about malicious apps spying on users, secretly stealing money and sensitive information, another app has been flagged by a London-based mobile technology firm, Upstream.
According to Upstream's security notice, the malicious app is disguised as a useful weather app called Weather Forecast: World Weather Accurate Radar and it is a repeated offender. The firm had exposed the weather forecasting app's malicious activities back in January, post which it was withdrawn from the Play Store. But it's back now!
"This weather app has lain low until the storm passed before returning to its old ways – with a spike in its rogue behaviour just a couple of months after it was reported, followed by continuous suspicious activity in deliberately regulated volumes to continue siphoning funds while remaining below the radar," Upstream CEO Guy Krief said in a statement.
What's the risk?
Weather Forecast app is developed by TCL Communications and accused of making digital purchases of premium services without the knowledge of the phone's owner. Upstream discovered 34 million new suspicious transaction attempts in just six months, most of which were targeted towards Alcatel Pixi4 owners. The malicious weather app attempted to subscribe nearly 700,000 Alcatel users to premium services without their knowledge during the same period of time.
"Unchecked, these apps can create billions of dollars of fraudulent advertising revenue while seriously impacting consumers' pockets and mobile service experience by eating up their data, incurring unwanted charges and affecting the performance of their phones," Krief warned.
What should you do?
One of the best practices before downloading any app is to check the developer, reviews and the permissions. If certain apps, like Weather Forecast, come preinstalled in a new phone, it's best to review their permissions as well. If anything seems suspicious, it is best to uninstall such apps.
Upstream suggests users Alcatel Pixi4 owners check their phones for suspicious behaviour, check mobile transactions and also watch out for increased data usage. These are some biggest tells for malicious apps on your phone.
"The mobile advertising fraud market is worth some $40bn annually. Hiding within seemingly legitimate and often popular applications, undetected malware is damaging the industry's reputation and leaving mobile operators and their consumers to pick up the tab. The scale of the problem can no longer be ignored, and security must become the mobile industry's number one priority," Krief noted.