According to a report by VPNpro, a Chinese company Shenzhen Hawk launched 24 different shady apps in the Google Play Store which have so far accumulated 382 million downloads. Reportedly, not all these apps came directly from Shenzhen Hawk; the company used a number of different developer names to obfuscate its agenda.
Only some of the apps were ‘mischievous’ in that they asked for permissions beyond their mandate. For example, an anti-virus scanner asked to access your Android camera, which it shouldn’t have.
Zak Doffman of Forbes describes it as follows:
“Of the 24 apps listed in the report, six request access to a user’s camera and two to the phone itself, meaning they can place calls. 15 of the apps can access a user’s GPS location and read data on external storage, while 14 can collect and return details of a user’s phone and network. One of the apps can record audio on the device or its own servers, another can access a user’s contacts.
[…]
Once installed, these apps can communicate with an external server controlled by their developers. By retrieving location and user details, the lowest risk is that this fuels targeted marketing, with user data sold to advertisers who will then be able to personalise unwanted ads for those users. Those servers are in China, and at least one of those apps—Weather Forecast—was reportedly sending user data there. The permissions granted would enable premium calls to be made, websites to be visited and additional malware to be downloaded onto a device“.
List of shady apps
Google has removed all these 24 apps from Play Store but if you have them installed, uninstall them right away manually. List of these apps in descending order of downloads:
- Sound Recorder (100M)
- Super Cleaner (100M)
- Virus Cleaner 2019 (100M)
- File Manager (50M)
- Joy Launcher (10M)
- Turbo Browser (10M)
- Weather Forecast (10M)
- Candy Selfie Camera (10M)
- Hi VPN, Free VPN (10M)
- Candy Gallery (10M)
- Calendar Lite (5M)
- Super Battery (5M)
- Hi Security 2019 (5M)
- Net Master (5M)
- Puzzle Box (1M)
- Private Browser (500,000)
- Hi VPN Pro (500,000)
- World Zoo (100,000)
- Word Crossy! (100,000)
- Soccer Pinball (10,000)
- Dig it (10,000)
- Laser Break (10,000)
- Music Roam (1,000)
- Word Crush (50)
Also check to see if the developer of these apps are one of the following:
- Tap Sky
- mie-alcatel.support
- ViewYeah Studio
- Hawk App
- Hi Security
- Alcatel Innovation Lab
- Shenzen Hawk
It’s more than app deletion
Even if you were smart enough to sense the suspiciousness of these apps, it’s a good reminder to think about what permissions an app should ask for.
If an anti-virus app wants permission to record audio or a solitaire game needs access to location and calendar, it’s best to deny permission up front.
Don’t forget about the app permissions section of Android 10 to see which apps you’ve granted access to. You’ll see the different permission you’ve granted such as contacts, text messages and microphone.
To change an app’s permissions, simply tap on it within categories and switch between “Allow” and “Deny”.
Sticking to top-of-the-charts apps isn’t wise either. The number of downloads doesn’t mean you can blindly rely on Play Store. It’s advisable to read app reviews including third-parties before you agree to install it.
Common sense is the best way to stay safe.
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
