Remove These Rogue Android Apps That Have 382 Million Downloads

Posted on by

Whenever we post “Remove these apps” stories, we invariably see comments claiming that the malicious apps in question are so bizarre and pointless that you’d have to be the dumbest Android user on Earth to download them in the first place (or something to make this effect).

According to a new VPNpro report, the Chinese company Shenzhen Hawk appears to have launched 24 different sketchy apps on the Google Play Store with a total of 382 million downloads. While you may not have been drawn into installing it on your device, a lot of people have done it. And all of these apps didn’t come directly from Shenzhen Hawk; the company used multiple names of app developers to hide its motives.

While not all of these applications were as harmful as others, some of them asked for certain permissions in excess of what the application probably required. For example, an antivirus scanner app might request access to your Android camera – which we wouldn’t expect if it only scanned files on your phone.

As Forbes’ Zach Doffman describes :

Of the 24 apps listed in the report, six request access to the user’s camera and two to the phone itself, which means they can make calls. 15 applications can access the user’s location via GPS and read data from external storage, while 14 applications can collect and return information about the user’s phone and network. One of the applications can record sound to the device or its own servers, the other can access the user’s contacts.

[…]

Once installed, these applications can communicate with an external server managed by their developers. When extracting location information and user data, the least risk is that it facilitates targeted marketing where user data is sold to advertisers who can then personalize unwanted ads for those users. These servers are located in China, and at least one of these apps – Weather Forecast – reportedly sent user data there. The permissions granted will allow you to make premium calls, visit websites, and download additional malware to your device.

Here are all the crappy apps you should uninstall

It will take about a minute to check your phone and make sure you do not have any rogue apps from Shenzhen HAWK or the various names of the app developers it uses. Google has removed all 24 apps in question from the Google Play Store, but you’ll have to uninstall them manually. They won’t just disappear from your device.

Apps ranked in order of download:

  • Voice recorder (100M)
  • Super cleaner (100M)
  • Virus cleaner 2019 (100 million)
  • File Manager (50M)
  • Joy Launcher (10M)
  • Turbo Browser (10M)
  • Weather forecast (10 months)
  • Candy Selfie Camera (10M)
  • Hi VPN, Free VPN (10M)
  • Candy Gallery (10M)
  • Lite Calendar (5 million)
  • Super battery (5m)
  • High level of security 2019 (5 months)
  • Net Master (5 million)
  • Puzzle Box (1M)
  • Private Browser (500,000)
  • Hello VPN Pro (500,000)
  • World Zoo (100,000)
  • Word Crossy! (100,000)
  • Football pinball (10,000)
  • Dig (10,000)
  • Laser Breakthrough (10,000)
  • Music roaming (1,000)
  • Word Crush (50)

If any of this is similar to what is on your device, you can also check if the developer is one of the following:

  • Touch the sky
  • mie-alcatel.support
  • ViewYeah Studio
  • Hawk app
  • Hi Security
  • Alcatel Innovation Lab
  • Shenzen Hawk

If so, you should uninstall the offending applications. Don’t hesitate.

But this is more than just removing rogue Android apps.

Even if you were smart and didn’t use any of these crappy apps, this whole deal is a great reminder that it’s important to think about what the app really wants and needs when it asks for permissions.

There is no one-size-fits-all answer to this question, and you may not be realizing that the app really needs high-risk permission to work (like your location or access to your camera). But if an antivirus app needs permission to record sound from your device, or solitaire needs access to your location and calendar, you can deny this permission ahead of time and see if you can still use the app without problems. (I would uninstall it and find another app, but that’s just me.)

And while we’re on the subject, don’t forget about the App Permissions section in Android 10, which you can use to find out which apps you’ve given access to different parts of your phone. On my Pixel, I can access it by clicking on the Settings app, Privacy and then Permission Manager. Once there, you’ll see a plethora of permissions you’ve provided (organized by category), as well as that many apps are allowed access to features like your contacts, text messages, and microphone.

To change the permissions of an app, simply click on it in any of these categories to toggle between Allow and Deny.

Since, as mentioned, it’s hard to tell if an app’s permission requests are for legitimate use or not, I think it’s also a great idea to become more picky about the apps you install on your Android. This does not mean that you should always stick to the “best” charts in the Google Play Store, as obviously the number of downloads of an application does not affect whether it tries to inject malware onto your device. It also doesn’t mean that you can blindly trust everything on the Google Play Store. Google tries to weed out bad actors whenever possible, but it’s far from ideal.

Instead, think about the fact that a new application or game you are capturing is really something meaningful that you need to have. Read some of the reviews – on the Play Store and from reputable third parties – to see what they have to say about the app experience. Looks like it was done quickly? Is replication a feature that you might find from better, better known app developers? Does this mimic what you can already use on your phone? Have you ever heard of developers before and do the rest of their apps look legitimate or too accurate?

The best way to keep yourself safe in any app store is to use common sense. You don’t need every app you come across, and you really shouldn’t let random apps have all the system permissions they ask for if the requests don’t seem legitimate. And take the time to remove apps you don’t use from your smartphone so you can be sure they don’t just stay and cause problems – if they are fraudulent.

More…

0
Android

Leave a Reply