Advertisements are the largest source of revenue for most mobile applications, with many cycling through full-screen ads intermittently or housing banners at the bottom of the screen. Six popular applications found on the Google's Play Store have now been removed for illegally abusing these services and users should quickly uninstall them if they wish to preserve data, battery and system resources.
A joint investigation conducted by Buzzfeed and security firms Check Point, Method Media Intelligence and ESET has revealed that six applications from Chinese publisher DO Global have secretly been harvesting data from unwitting users. Selfie Camera, Total Cleaner, Smart Cooler, RAM Master, AIO Flashlight and Omni Cleaner have all been prompting advertisement clicks in the background, regardless of whether the apps are open or not.
As many readers will be aware, some adverts construct a digital fingerprint of users consisting of their personal information, the system used and sometimes its software. Collection of such data without making the user aware is directly in breach of the EU’s General Data Protection Regulation (GDPR), not to mention Google’s terms of service.
Google told Buzzfeed that it “explicitly prohibits ad fraud and service abuse on Google Play” and has subsequently removed the applications from its Store. Users that already have any of the above downloaded will need to manually uninstall if they wish to preserve their privacy. “Developers are required to disclose the collection of personal data, and only use permissions that are needed to deliver the features within the app. If an app violates our policies, we take action that can include banning a developer from being able to publish on Play.”
Some Android users are underwhelmed at Google’s response, claiming that the simple removal of applications without a proper punishment will encourage developers and publishers to continue utilising dishonest tactics to generate revenue. Punishment might be yet to come however, as the investigation also insinuates that DO Global is guilty of concealing its country of origin.
The study also highlighted three other applications as causes for concern with the amount of permissions they request – Emoji Flashlight, Samsung TV Remote Control and WaWaYaYa. Despite other flashlight applications requiring 2 permissions to function, Emoji Flashlight requests as many as 30, 7 of which Google deems critical. Samsung TV Remote Control is guilty of seeking 58 permissions, 23 of which can be considered dangerous including audio recording and WaWaYaYa feeds user data back to Chinese servers without encryption.
These three applications remain active, but Google is likely to crack down on the unnecessary amount of permissions requested soon. In the meantime, it’s worth treading the app space carefully, reading the requested permissions before accepting installation.
KitGuru Says: Users often hold official app stores in high esteem, but an application appearing on the platform can’t always inherently be trusted. Personally, I hope that Google or the EU chases DO Global up in a legal sense, setting an example for other publishers.