18,000 Android Apps Contain Malicious Code That Steals SMS Messages

Status
Not open for further replies.

Exterminator

For now, the apps affect only users in China
A Chinese mobile advertising platform is distributing a malicious SDK (Software Development Kit) that helps developers implement in-app purchases (IAPs) for Android apps. This SDK secretly steals all SMS messages that arrive on infected phones.

The SDK is being offered as a free download by Chinese company Taomike, and can be used to allow Android developers to create mobile apps that provide in-app purchases via SMS messages.

According to Palo Alto Networks, the security vendor that discovered the SDK, only recent versions of the SDK seem to contain the SMS stealing functionality. This version was released in August 2015.

Right now, Palo Alto has detected over 63,000 Android apps containing the Taomike SDK, but only 18,000 include the recent malicious version of the SDK.

App developers are unaware of what the malicious SDK is doing
The developers of these apps are unaware that the library they used to power IAPs is actually stealing SMS messages (text body and sender number) and then uploading them to one of Taomike's servers, more specifically to 112.126.69.51/2c.php.

As Palo Alto staff explains, only this URL is responsible for gathering SMS messages. Tying the URL to Taomike was easy because it was also used to host other API functions.

All affected apps seem to be created only by Chinese developers, and none of them seems to be distributed via Google's official Play Store.

No details on what the SMS messages are being used for
At the moment, Palo Alto has not been able to determine from their analysis what Taomike is using the stolen SMS messages for.

This revelation comes just two days after Apple banned 256 apps from the App Store for including a similar "malicious" API, which was collecting private information from iOS users. This violated Apple's privacy and security policy.
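A triage check for the behaviour the article describes, added here as an example and not taken from the article or from Palo Alto Networks: it opens an APK as a zip archive, looks for the upload endpoint as a literal string in embedded code, and checks whether the manifest requests the permissions needed to read incoming SMS and reach the network. The function names and the constructed sample archives are hypothetical, and the two permission names are standard Android permissions that the article itself does not list.

```python
import io
import zipfile

# Upload endpoint named in the article; everything else here is an assumption.
ENDPOINT_HOST = b"112.126.69.51"
ENDPOINT_PATH = b"/2c.php"
# Standard Android permissions needed to see incoming SMS and reach the network.
PERMISSIONS = ("android.permission.RECEIVE_SMS", "android.permission.INTERNET")


def _contains(data: bytes, text: str) -> bool:
    """Binary AndroidManifest.xml stores strings as UTF-8 or UTF-16LE; check both."""
    return text.encode("utf-8") in data or text.encode("utf-16-le") in data


def scan_apk(apk) -> dict:
    """Triage one APK (path or file object) for the indicators described above."""
    report = {"endpoint_in": [], "permissions": [], "verdict": "clean"}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if name == "AndroidManifest.xml":
                data = zf.read(name)
                report["permissions"] = [p for p in PERMISSIONS if _contains(data, p)]
            elif name.endswith((".dex", ".jar", ".so")):
                # Embedded SDK code: look for host and path as literal ASCII strings.
                data = zf.read(name)
                if ENDPOINT_HOST in data and ENDPOINT_PATH in data:
                    report["endpoint_in"].append(name)
    if report["endpoint_in"]:
        can_steal = len(report["permissions"]) == len(PERMISSIONS)
        report["verdict"] = "sms-upload-capable" if can_steal else "endpoint-only"
    return report


def build_sample(dex: bytes, manifest: bytes) -> io.BytesIO:
    """Constructed stand-in for an APK: a zip holding only the two entries we read."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", dex)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    manifest = "".join(PERMISSIONS).encode("utf-16-le")
    flagged = build_sample(b"dex\n035\x00http://112.126.69.51/2c.php\x00", manifest)
    benign = build_sample(b"dex\n035\x00https://example.com/api\x00", manifest)
    print(scan_apk(flagged))
    print(scan_apk(benign))
```

A literal-string match misses an endpoint that is assembled or decrypted at runtime, so a "clean" verdict narrows the search rather than proving the SDK is absent.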
 

Anupam

Thanks to Cyanogen Mod. My phone has privacy protector and you can restrict access and check which apps accessed which option and how many times.

But still I personally feel not only SMS, Android should have a strict security system for the advanced users (by default, without root) to block access to whatever permission it wants to.

Android ROMs are just unnecessarily getting bigger and more resource-hungry rather than being more optimized.
 

Ink

My phone has privacy protector and you can restrict access and check which apps accessed which option and how many times.
Android M (v6) will allow you to change App permissions, which is very much needed, as your data becomes the target.

I agree that some apps take advantage of these APIs, to access parts of the phone that are not needed. But until Android M is released, there's not a lot you can do, unless you uninstall it.

For non-rooted Android devices, I view Privacy Protector apps as scareware.
 

Anupam

Android M (v6) will allow you to change App permissions, which is very much needed, as your data becomes the target.

I agree that some apps take advantage of these APIs, to access parts of the phone that are not needed. But until Android M is released, there's not a lot you can do, unless you uninstall it.

For non-rooted Android devices, I view Privacy Protector apps as scareware.


It will still take time to get Android M for non-Nexus devices. Thankfully, Cyanogen Mod already has a few features that are extremely useful.

So many versions of Android are already released, but frankly none of them includes proper security settings. For example: Firewall, Privacy Protection; these are very basic things that should be present in it.

Since I am not fond of rooting, I miss those, especially a firewall. Whenever I turn on the data in my phone, all the apps start connecting to the internet instantly, which I feel is very irritating. I miss those old days when Symbian-based OS used to ask for every connection.
 

Ink

Whenever I turn on the data in my phone, all the apps start connecting to the internet instantly, which I feel is very irritating.
Today's mobile devices would be considered Always-On / Always-Connected devices, that's why everything gets Internet access.

Treating a mobile as a desktop PC would be wrong, as Android, iOS and Windows Phone function differently, by containing sandboxes, apps and permissions etc.

In my opinion, consumers don't want a complex mobile OS that asks for every permission. They don't need a Comodo OS on their mobile phone. :p
 

jamescv7

It should always start with the user thinking first about which applications are worth installing. Play Store provides the best it can to prevent those pesky threats, however it failed on those basic techniques.
 