On first impressions Tap Snake might have seemed like a harmless bit of retro fun, but it got IT security researchers frothing at the mouth. The reason? Well, this free snake game for Android smartphones had hidden features, which could have been used for spying on the handset’s owner.
Call it the price of popularity. As sales of Android-based smartphones have surged, they have become a tempting target for cyber crooks, eager to get their mitts on personal data stored on the devices. Locking down your smartphone’s apps may be the best bet for safeguarding your secrets – and your cash.
Smartphones are increasingly being used for applications that use sensitive data such as email and text messages, financial information and location, said Kevin Mahaffey, chief technology officer at mobile security company Lookout.
“Smartphones can even act as a credit card, charging money to your phone bill,” he added.
As it turned out, Tap Snake proved to have about as much power to cause harm as a marshmallow baseball bat. While it enabled the phone to be used to send GPS data to a third party, this was only possible once the attacker had actually gained physical access to the handset. And it wasn’t as if other apps – for both Android phones and iPhones alike – couldn’t provide similar functionality.
What made security researchers at Symantec and F-Secure sit up and take note was that here was an app that didn’t disclose what it was doing up front. This was “the primary reason we consider this a Trojan”, Symantec noted.
The threat from malicious smartphone apps has been closely tracked by security researchers at Lookout. They unveiled the first findings of their App Genome Project at the Blackhat security conference in late July, and have continued to track the threat landscape.
“We discovered that many apps use sensitive data in a way that may not be apparent to users or even developers because the apps contain third-party code that has the capability to access sensitive data,” said Mahaffey.
“Developers often use third-party code to add advertising or analytics capabilities to an app, but may not realise all of the functionality of what they are adding to their apps.”
According to Lookout’s analysis of smartphone apps, 47 per cent of free Android apps and 23 per cent of free iPhone apps included at least one of the top third-party libraries for advertising or analytics capabilities.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches