Cybersecurity experts from Pradeo discovered two malicious file management and data recovery apps on Google Play that were installed on more than 1.5 million devices in total. The applications collected far more data than is needed to provide their claimed functionality.
Both applications, File Recovery & Data Recovery (com.spot.music.filedate) and File Manager (com.file.box.master.gkd), belong to the same publisher. They could work stealthily in the background and send stolen data to remote servers in China. At the time of publication, the applications are no longer available on Google Play, but it is still worth describing how they worked, so that users do not accidentally run into something similar in the future.
The applications were discovered using a behavioral analysis engine from Pradeo, a mobile security company. The apps' descriptions on Google Play state that they do not collect any user data from the device. However, Pradeo experts found that this is far from the case.