What are the Privacy Dangers of Downloading Mobile Apps

The privacy dangers of downloading mobile apps are growing exponential as people become more and more reliant on their mobile devices.

Once upon a time, the Google Play Store was one of the most trusted online markets. However, it seems as if Google is losing the battle against dubious Android software. In July 2019 alone, the Google Play Store hosted well over 200 harmful applications. The troubling thing about it is, these dangerous apps were downloaded approximately 32 million times between July and August.

What are the Privacy Dangers of Downloading Mobile Apps?

Out of the 200 harmful apps, 188 of them contained hidden ads and comprised 19.2 million out of the 32 million installs. According to a report published and compiled by ESET, The remainder of the offending apps were adware droppers, subscription scams, ad fraud, stalker were bogus antivirus tools, software with built-in backdoors, or completely fake altogether. These are some of the more obvious privacy dangers of downloading mobile apps.

The most interesting thing to come out of the ESET report was the fact that, while there were only a few subscription-based scam applications found on the Google Play Store in 2019, they comprised over a third of the total downloads (or approximately 12 million installs).

And while hidden advertisements may not sound all that bad, these kinds of apps tend to hide their icons from the user or don’t have icons at all. For the most part, adware droppers have no functionality what-so-ever other than turning your handheld device into a fullscreen ad zombie.

Lukas Stefanko, a malware researcher for ESET, said in an interview that when his team tried to contact Google about this issue, no one at the tech giant was willing to comment one way or another. As of 2020, Google has still failed to discuss the matter with ESET.

What Are Some of the Biggest Dangers Posed by Dubious Apps?

Back in the day, smartphone viruses didn’t pose that much of a threat. The worst-case scenario was that your Android or iPhone became an expensive brick. Nevertheless, if the user was able to shut their phone down in time, it might have required a trip to the repair shop at most. For more information on staying safe in the cyber world, click here.

Viruses made themselves known way back.

Today, however, cybercriminals have grown far beyond bricking users’ smartphones for kicks; it’s all about getting paid. This means the less conspicuous their exploits are, the better it is for their bottom dollar. Just as most organizations are all about the data, cybercriminals, too, are all about collecting as much sensitive data about you as possible.

How dangerous they depend on the type of vulnerable data criminals can collect. This is another thing to take into consideration when thinking about the privacy dangers of downloading mobile apps.

Android Ransomware

If you thought ransomware only targeted company networks and computers, you are gravely mistaken. Many smartphone users have financial apps on their smartphones, and hackers know this quite well. They are also aware that most smartphone users tend to become complacent when it comes to mobile online security. This complacency might be a result of people using their phones so much that they lower many of the security restrictions intended to prevent such attacks.

Security measures such as not allowing automatic downloading of third-party applications from a web browser or even using “YouTube to MP3/MP4” download sites to download free songs from YouTube. So-called download sites (whether it be YouTube to MP3/MP4 or online file “conversion” sites, for example) may try to sneak malware or adware in with the file you download. And even those sites that have good intentions can be plagued with malicious links (usually in the form of seductive advertisements).

Usually, this is the general rule of thumb: if the “download” site you are visiting has a bunch of blinking ads (especially confusing ads with green arrows saying “Start Your Download Here”), get out of there as fast as you can. The purpose behind all of the misleading advertisements is to get the user to click the wrong thing by accident—it only takes a single click for a malicious link to download ransomware onto your Android or iOS device discretely.

This is a great article explaining Android ransomware works.

InnfiRAT: Malware Designed to Infect Crypto Wallets

This type of malware is nothing like traditional malware viruses that were merely annoying. InnfiRAT and other malware like it won’t make themselves known until you log into your crypto wallet only to find all your bitcoin has been stolen. The crazy thing about malware like InnfiRAT is that it simply swaps only a few letters or digits of your actual wallet address (not enough for you to notice) and redirects the transaction to the attacker’s wallet.

The kicker is, some victims at first assume that the sender was mistaken; they may go through this one or two more times before becoming suspicious. This is because InnfiRAT changes the address back to the original address of the user as soon as the transaction is completed.

The victim most likely won’t become aware of what exactly is happening until he or she takes a closer (much closer) look at the actual address in the history. That is why this one of the privacy dangers of downloading mobile apps requires them to painstakingly go over each number and letter one by one a few times to be sure they’re not mistaken.

Ginp: Mobile Banking Trojenware That Steals Your Banking Credentials

Unlike InnfiRAT, Ginp has the potential of affecting a far greater number of people, since far more individuals use online mobile banking applications than they do cryptocurrency wallets. One of the major privacy dangers of downloading mobile apps can hit you in your pocketbook.

While anyone can fall victim to this type of malware, it tends to hit much younger and much older users. The reason for this lies in the possibility that younger people are more careless about such things (even though they are often considered more tech-savvy) while older people are not as tech-savvy as their Millennial counterparts.

Ginp is a Trojenware. As the name implies, it likes to disguise itself as a legitimate application at first. This is another one of the top privacy dangers of downloading mobile appsHowever, once you’ve downloaded it, it starts its attack by asking for Accessibility Service privileges. Once it successfully achieves that, it removes its icon from the app folder and slinks back in the shadows of your internal system.

This is another of the major privacy dangers of downloading mobile apps, even if you were to try and remove it, you would find it difficult to find it unless you knew what you were doing. And being that you granted it Accessibility Service privileges, antivirus software will ignore it.

Once Gnip is cozy and comfy inside your smartphone, it will finalize its attack by granting itself even more permissions, allowing it to send text messages, make phone calls, and a score of other things without you being the wiser. It’s not until you find your bank account empty that you realize your phone has been infected.

These are just a few examples of the privacy dangers of downloading mobile apps, for more information on this topic, click here.