Google Removes Two Selfie Apps For Suspicious Behaviour

• The two apps posed as selfie camera filters on Google Play and had over 1.5 million installs.
• The two apps, now removed, aggressively pushed full screen ads on the Android devices.

An overview

Recently, a couple of Android apps available on Google Play were found to be stealthily recording audio of the users, of course without their consent.

The two apps, Sun Pro Beauty Camera and Funny Sweet Beauty Selfie Camera, had over 1 million and 500,000 installs respectively. The primary function of these apps was to aggressively push ads that covered the entire screen of the Android device.

The adware activity: Once a user downloads and launches the app, it would create a shortcut and then remove itself from the app drawer -- an app to search for other apps on Android Device.

Both apps displayed full-screen ads, but they were triggered differently. The only way to uninstall the apps was by looking for it in the Apps menu. Phone reboot had no effect on the apps’ behavior as the ads would still pop up. The full-screen ads were also difficult to close as per the researchers.

SunPro Beauty Camera could push adware without even running the app, whereas Funny Sweet Beauty Camera app began the barrage of unwanted promotions only when a user attempted to download filtered photos on their device.

Research revelations: Security researchers from Wandera tested the apps on the Android’s Lollipop version.

• While analyzing the apps, they initially came across the permissions that did not fit with their advertised purpose. Apart from the normal permissions, there were some concerning ones.
• The most worrisome of all was SYSTEM_ALERT_WINDOW, which allowed the app to overlay arbitrary content.
• The permission could further contribute to clickjacking, or trick users into typing sensitive information like banking details or other credentials.
• Another troubling permission named RECORD_AUDIO could begin call recording without notifying the users.

End of the apps: Google Play has put a stop on the operations of both the apps after being reported on September 11. However, the author(s) of the app continue to mint money and jeopardize users’ privacy on devices that still have them.