For developers, getting apps approved for the Apple App Store can be tedious. It's not as bad for the Google Play Store, but that also means it's not as secure. In fact, Google had to remove a few apps for security reasons recently.
According to Ars Technica, Google removed nine apps with over 5.8 million downloads from the Play Store for privacy violations. Despite having legit functions for photo editing and file management, these apps actually hid JavaScripts that would steal a user's Facebook login credentials.
The 9 apps that were removed (screenshot from Dr Web)
It works by getting a user to sign in to Facebook, then use JavaScript to record the login credentials. The details are then to the app creator's server. If the user were to log in to Facebook, the script will also steal the cookies from the current login session to the server. It should be noted that this method of attack can be applied to other web services, so the threat isn't only to your Facebook login.
This proves that you should be careful of any app you download these days. Our advice is: If you don't trust the developer, don't download it. With that said, have you encountered any app like that? Let us know in the comments, and stay tuned to TechNave for more news like this.
COMMENTS