Les vulnérabilités du VPN vous préoccupent ? Découvrez comment profiter de notre solution de migration VPN qui inclut 60 jours de service gratuit.

Blog Zscaler

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

S'abonner
Recherche sur la sécurité

Android App Shares World Cup News At The Expense Of Your Privacy

image
VIRAL GANDHI
juin 14, 2014 - 3 Min de lecture
Everyone is excited about the football World Cup and apparently so are those peddling adware. Earlier we discussed some of the more aggressive Android advertising SDKs integrated apps flagged by AV vendors as Adware - Google Play vs AV vendors. We recently came across a particularly aggregious adware app promoting World Cup news.
App: Brazil 2014 World Cup
Virus Total: 18/45
List of suspicious methods identified via static analysis:
 
  • getMACAddress
  • getLine1Number
  •  getsms
  •  getLongitude
  •  getLatitude
  •  getImei
  •  getImsi
  •  getAndroidId
  •  getEmail
  •  getManufacturer
  •  getOsVersion
  •  getNetworkconnectiontime
 
Let see how it harvests all information.
 
Image
Device information
 
This app contains the Airpush and Revmob advertising SDKs. From the screenshot above, you can see the application harvesting  the device MAC address (something Apple has cracked down on), mobile ID, Android ID and serial numbers. Adware harvests such information for tracking users as this information allows for tracking the user’s device across applications using the same SDKs.
 
Image
Device information
 
Above, you can see the application harvesting device model information, the SDK API version, manufacturer details and the device OS version. This information can then be used by advertisers to build statistics about app usage.
Image
Phone number
In this screenshot, you can see the application also collecting the user's phone number. This is very sensitive information as such information can be used for phone based spamming and advertising campaigns.
Image
Email
 
This app also collects the user's email account, again, this too is likely used for spamming and advertising campaigns.
Image
IMEI
Finally, the application collects the device IMEI number, another valuable identifier for tracking the same device across applications sharing the same advertising SDKs.
 
Image
Data sent
 
You can also see all of the info being delivered to a third party.
Image
Google play store developer policy
As per the Google Developer policy, usage of MAC address and IMEI numbers is strictly prohibited. Still, apps are regularly permitted into the Google Play store and bypass Google's automated checks. This is an area where Apple is doing a better job of protecting end user privacy through both changes at the O/S level and via application reviews conducted prior to apps being included in the App Store. Apple would no longer permit an app with the level of data collection seen in this particular Android app. There is always confusion about content related to user privacy used by Android apps. In spite of clear guidelines from Google about data collection, developers are ignoring the rules and Google is not aggressively enforcing them.

Despite the aggressive data collection, this app is not malicious. Instead we (and many anti-virus vendors) consider this app an example of aggressive adware.

Stay safe while enjoying the World Cup.
-Viral.
form submtited
Merci d'avoir lu l'article

Cet article a-t-il été utile ?

dots pattern

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

En envoyant le formulaire, vous acceptez notre politique de confidentialité.