You can’t judge an app by its cover…

By TrustGo Security Labs on January 15, 2013

Recently, we’ve been hearing pundits and “experts” talk about ways you can avoid bad apps. They say, “Check out the reviews and ratings.” Or, “Make sure you download from reputable sites like Google Play.”

All that is good advice.

But unfortunately, it’s wrong.

Right now, there is a very popular MP3 downloader app on Google Play with 4.2 stars, lots of glowing reviews and more than a million downloads to its credit. Looks like a winner, no?

Actually, it is a big winner for people who profit from stealing your privacy.

The problem is that this particular app (and thousands like it) has not one, but TWO shady ad networks embedded in it. Both networks have obtained permissions that not only allow them to send tons of ads to your notification bar, but also give them the ability to do some pretty nasty things:

  • They can add icons to your phonetop that can trick you into downloading apps you didn’t ask for
  • They can change your browser homepage and follow you all around the web
  • They can share your personal data with 3rd parties…who can do whatever they want with it

Are these things necessary to download MP3 files? Definitely not. Are they good for users? We don’t think so.

The bottom line is that it is impossible to know the mayhem an app can cause by looking at its Google Play listing. Without a robust, ad-network-aware mobile security solution like TrustGo, you might find that the app you just downloaded is not at all what it seems.