Another dangerous permission is the install shortcut.There's very little review of these apps or the companies that submit them. The app store is the Wild West.
Bill Anderson, chief product officer at mobile security company OptioLabs
"It sounds quite innocuous," he said. "But it turns out that it lets you replace the home screen with its own home screen for login, so it could have its own code for you to open up the Android phone. They didn't do this, but it offers an opportunity to do ransomware -- I could charge you money to unlock your phone."
It's the most egregious abuse of permissions he's ever seen, Anderson said.
On the app's Facebook page, there are numerous complaints from users about the spyware and, even more complaints about the fact that the app automatically reinstalls itself after it's been deleted.
Anderson warned users to pay attention to the permissions for any new app that they download.He added that the Google Play app store wasn't doing enough to protect users.
"There's very little review of these apps or the companies that submit them," he said. "The app store is the Wild West."Anderson said that his company began to pay attention to this app because of a recent report byPentest.
According to Pentest, the app violated Google policies about deceptive behavior by replacing the lock screen with one that shows ads without telling users, by hiding notifications, by making removal difficult, and by sending information to third parties without the users' knowledge.
Source: CSO Australia
Sign up for CIO Asia eNewsletters.