• Subscriber/Sign In
  • Register
  • About Us
isssource.com
  • Home
  • Eguide: Overcoming the Industrial Cyber Security Skills Gap
  • Register
  • News
    • Careers
    • Government
    • Incidents
    • Industry Voices
    • Products and Services
    • Sending it Your Way
    • Technology Update
    • Views
  • Profile
  • Research
  • User Profile
  • Events
  • Login
  • Lost Password
  • Training & Certification
  • Transactions
  • White Papers
  • Membership Details
  • Subscribe Now
  • Membership Contents
  • Archives

Breaking News

  • Rockwell Working on PowerMonitor 1000 Fix
  • Horner Clears Cscape Vulnerability
  • Delta Fixes it Industrial Automation CNCSoft
  • Intel Has Fix for Data Center Manager SDK Holes
  • Thermal Fatigue Led to MS Gas Plant Blast …
  • … 3D Model of Failed Heat Exchanger
  • Fukushima Report: Robot Lifts Melted Fuel
  • TÜV, Nozomi Ink Partnership Pact
  • Pangea Patches Bypass Vulnerability
  • Fuji Fixes FRENIC Devices
  • ARC: Safety and Profitability Work Together
  • Public Needs to Know About Chem Releases: Judge
  • Robot Testing Radioactive Fuel at Fukushima
  • Siemens Fixes CP1604, CP1616 Holes
  • Siemens has Upgrade for Intel AMT
  • Siemens Fixes Hole in SIMATIC S7-300 CPU
  • Read More

Chemical Safety Incidents

White Papers

  • A Year in Vulnerabilities
  • A Year in Threats
  • Year in Hunting and Responding
  • Finding the Competitive Edge
  • Going Digital
  • Visibility Leads to Knowledge
  • Tips to SCADA Security
  • Insurance Dilemma: Infrastructure Attacks
  • Monitoring a Growing Network
  • Integrated Approach to Protecting ICS
  • Analytics through Network Monitoring
  • Gaining Visibility on Malware Attacks
  • The Wireless Edge
  • Benefits of Virtualization
  • Wireless Reshaping IT/OT Network
  • Virtualizing Network: Benefits, Challenges
  • Read More

Sending It Your Way

  • aeSolutions Security Blog
  • exida Explains
  • Joel Langill: SCADAhacker
  • [In] Security Culture
  • Eric Byres: Practical SCADA Security
  • Department of Homeland Security
  • Jim Cahill
  • Dale Peterson
  • Industrial Defender
  • Wurldtech
  • Read More

Be Wary of Google Play Apps

Thursday, November 1, 2012 @ 04:11 PM gHale

An advertising module embedded into over 7,000 “free” fake versions of legitimate Android apps on Google Play is able to cull personal and mobile use information from users, research shows.

One of the offending apps came to the attention of Trend Micro Senior Threat Researcher Alice Decker after she downloaded by mistake a fake Flash Player from Google’s official Android market and then received a warning about its malicious nature by her company’s own mobile security app.

RELATED STORIES
Email Signature Holes Fixed
Weak Crypto Keys Fixed
Windows Help Files an Attack Vector
Apple ID Phishing Scam

After having consulted with a colleague from the Mobile Application Reputation team, she found the extent of the problem: Apart from pushing ads onto the users, the adware module inside the app also sends information such as device ID, OS version, IP address and the user’s phone number, GPS location, account information, calendar and browser bookmarks to the servers of the company that created the module.

“Though most adware are designed to collect user information, a fine line exists between collecting data for simple advertising and violating one’s privacy,” Trend Micro researchers said. “Because they normally collect user information for legitimate purposes, they can serve as an effective means to gather more data than some would want to give out.”

This particular ad module compromises the users’ privacy and their devices’ usability, and the extra bad news is it is in over 7,000 free apps offered on Google Play.

“80% of them are still available, and at least 10% of them have been downloaded more than one million times,” Decker said, adding the Web of Trust community believes the company that created it is also involved in phishing and scamming users.

“Users should be careful about all mobile apps they download, wherever they come from. This is particularly true for ‘free’ apps, where in effect your information becomes payment for the app,” she said. “For some people, this may be a worthwhile tradeoff – but this is something every user should decide for themselves, with a full appreciation of what is given up in return for something ‘free.’ ”



Leave a Reply

Click here to cancel reply.

You must be logged in to post a comment.

« Simple Works for Malware Writers
New Java Malware Forming »

  • Home
  • Eguide: Overcoming the Industrial Cyber Security Skills Gap
  • Register
  • View Spotlight Article
  • News
  • Profile
  • Research
  • User Profile
  • Events
  • Login
  • Lost Password
  • Training & Certification
  • Transactions
  • White Papers
  • Membership Details
  • Subscribe Now
  • About Us
  • Membership Contents
  • Archive
  • Sitemap
  • Careers
  • Government
  • Incidents
  • Industry Voices
  • Products and Services
  • Sending it Your Way
  • Technology Update
  • Views
Policies
Copyright © 2019 isssource.com