Buzzfeed editors together with Check Point, Method Media Intelligence and ESET specialists reported that six of their Android smartphone apps were revealed to enable obtaining of user data without their knowledge. All programs have been released by the Chinese publisher DO Global. The list is as follows:
- Selfie Camera
- Total Cleaner
- Smart Cooler
- RAM Master
- AIO Flashlight
- Omni Cleaner
Each of the listed applications displayed advertisements in the background regardless of whether the program was launched or not. Some of the virtual advertisements were able to collect information and make copies of personal data, as well as records of the version of the operating system used and other applications they had installed.
Such practices are not only in breach of Google Play's terms and conditions but also of the EU data protection regulation (GDPR). No wonder that Google has taken decisive steps - suspicious applications have already been removed from the virtual store database, and owners of these programs should uninstall them from their smartphones to ensure adequate security.
It is also worth mentioning that Google is targeting three other suspicious applications. Emoji Flashlight requires the user to give up to thirty permissions during installation (while similar programs of this type most often use two permissions), and Samsung TV Remote Control needs 58 different permissions. WaWaYaYa is an application that sends user data to Chinese servers without any encryption mechanism.