Researchers Find Google Play Store Apps Were Actually Government Malware (vice.com) 41
Security researchers have found a new kind of government malware that was hiding in plain sight within apps on Android's Play Store. And they appear to have uncovered a case of lawful intercept gone wrong. An anonymous reader writes: This new case once again highlights the limits of Google's filters that are intended to prevent malware from slipping onto the Play Store. In this case, more than 20 malicious apps went unnoticed by Google over the course of roughly two years. Motherboard has also learned of a new kind of Android malware on the Google Play store that was sold to the Italian government by a company that sells surveillance cameras but was not known to produce malware until now. Experts told Motherboard the operation may have ensnared innocent victims as the spyware appears to have been faulty and poorly targeted. Legal and law enforcement experts told Motherboard the spyware could be illegal. The spyware apps were discovered and studied in a joint investigation by researchers from Security Without Borders, a non-profit that often investigates threats against dissidents and human rights defenders, and Motherboard. The researchers published a detailed, technical report of their findings on Friday.
Lacking information (Score:5, Informative)
Is anyone else tired of hearing about this sort of stuff (malware found in apps or whatever), where no one tells us what apps they determined to be malicious? Well, here ya go [securitywi...orders.org].
Re: (Score:1)
Re: (Score:2)
I was hoping they would name which government, as well.
RTFA, it was Italy.
Re: (Score:1)
Meh ... whatever ... (Score:1)
At this point, I assume that 99% of all apps are written by assholes, fucking assholes, and complete morons.
If they're not intentionally spying on you and not telling you, or actively being malware and scamming you, they're written by incompetent morons and still leaking your personal data.
I've given up on looking for, or caring about apps, and have been just un-installing most of them.
Most of them are little more than ad platforms at best, or trying to steal your money.
The state of mobile apps has been red
Re:Meh ... whatever ... (Score:5, Funny)
"We use cookies to improve your* web site experience"
* your adj : our e.g. "We improved your experience by telling a targeted ad company exactly what you click on, so they can improve our wallet experience."
Re: (Score:3)
Apps were good and interesting for a while, but they've pretty much degraded to ads and analytics, with shit privacy. Fuck that.
That's true, that's true.. but there are still bizarre little apps that are useful and don't send data back to the mothership.. Gun Log SPC is godsend for avid shooters - it's the best gun / ammo / maintenance log i've seen, there's one called Mainspring that lets you tape your earpiece mic to the crystal of a watch so you can time it (a poor man's watch timer), ClockMaster (same but for clocks, better async detection). There's the various SPL meters.
But I agree. Apps have for the most part turned into ad
Re: (Score:2)
"Gun Log SPC is godsend for avid shooters"
And a godsend for those wishing to possibly prove intent in a court of law.
Fucking moron, ANY data can be used against you (Hence why "anything you say can and will be used against you in a court of law.")
Stupid fucking git. Advertising your ammo capacity to the government which should have no business in your 2nd Amendment rights.
Re: Meh ... whatever ... (Score:2)
Ok, trollski comrade red. I'll bite. The app does not send data anywhere. It stores it locally.
Other than being more convenient to me how is it any more of a risk than a spreadsheet in my pc or a paper and pencil notebook on me desk holding the same info?
There's properly paranoid and then there's you.
Re: (Score:1)
That's definitely not what I see in the Debian/Ubuntu repos.
Ah, mobile. Yes, the form factor where we suddenly rejected & un-learned every painful lesson we had learned over the last few decades. I'll agree with you there: mobile has been a regressive disaster so far. Apple and Google are the new Mic
Re: (Score:1)
It's actually a few more than 3 lines if you don't want it to create a giant security nightmare.
Re: (Score:2)
Re: Meh ... whatever ... (Score:2)
That website looks kinda shady. And I don't see source code available anywhere.
Try NetGuard (https://www.netguard.me/). Same idea but FOSS. Works great for me.
Crap (Score:3)
Re: (Score:2)
Re: (Score:2)
Run new apps through a proxy... (Score:3)
It's a pretty good idea to run new apps in an environment where you can monitor network traffic and see what they are sending.
Re:Run new apps through a proxy... (Score:5, Insightful)
"It's a pretty good idea to run new apps in an environment where you can monitor network traffic and see what they are sending."
Yeah. Everyone should do that the next time they install and/or update any app. It makes sense and we all love and know how to analyze network traffic. I'd also add waiting at least a year before using the app on a live device just in case it waits a while to exfiltrate data.
Or, we can all use burner phones and rotate them monthly so its harder to be tracked. That would literally be an easier solution than isolating, monitoring, and analyzing network traffic for each app and determining they are not doing anything suspect.
Don't bother telling us which apps are malware (Score:3)
That would be way more information than anyone could possibly want from an article like that. We want the ads and the fluff you create around it, certainly not the information which apps to avoid.
Oh, please (Score:3)
You act is if Attorney General Barr authorized illegal wiretapping on all overseas telephone and other communication on Americans back during Iran-Contra, and never got legal authorization for any of this.
Personally, I enjoyed visiting the Yakima facility back in the day.
Now you act all shocked they upload apps designed to spy on you.
FTFY (Score:2)
"Researchers Find Google Is Actually Government Malware"
FTFY.