New research warns: Privacy apps are stealing personal data

More people are looking to safely store their most sensitive private pictures, videos, passwords and messages from hackers. For instance, over half a billion have downloaded free Android One from the Google Play store.

However, new research from specialist cybersecurity researchers at CyberNews warns that many, including most of the popular Android One, does the exact opposite.

They spy on you when you’re the most vulnerable, sell your sensitive data to advertisers, gain access to your private photos and often infect your smartphone with adware or malware.

With a privacy vault app, you move all of your sensitive data to a secret, password-protected (or even encrypted) folder on your phone. That way, even if someone else has accessed to your device, it is hard for them to access anything too sensitive. 

Unfortunately, if the app developer is untrustworthy it also gives them access to all of your sensitive information. 

CyberNews’ research has found that none of the top 30 privacy vault apps in the Google Play store should be trusted and is advising their millions of users across Britain (and 100 of millions of users around the world) to delete them at once. 

Edvardas Mikalauskas, a Senior Researcher at CyberNews said: ‘Many free apps on Google Play engage in unethical advertising or simply steal your data and sell it for profit.  Our research shows that privacy vault apps are in fact among the worst. 

‘Personally, I wouldn’t download any of the top 30 free privacy vault apps, and my recommendation to people that have them installed is to delete them immediately.

‘For instance, they all ask for unnecessary and suspicious access permissions, and the majority are from developers in China who already have reputations for providing dodgy apps that either infect your phone or steal your data.’

He added that: ‘Our research revealed all of the top 30 android privacy vault apps request the ability to write files to your device, which will allow them to infect your phone with malware, and 27 want the ability to read your files.  This gives them access to the very photos and files you want kept safe.

‘The worst offender is Calculator Vault : App Hider – Hide Apps which requests a whopping 14 dangerous permissions, including knowing your GPS location, reading your photos, accessing your camera, body sensors, and even accessing your calendar.

‘This had been downloaded over five million times so far. It wants all the personal data, but if you were a dissident or from a persecuted group in such countries as China, it puts you and your contacts at risk of imprisonment or worse.’

Apps that can access personal data: 

  • All 30 apps request the ability to write files to your device.
  • 27 apps want the ability to read files on your device.
  • 26 apps want access your camera.
  • Eight apps want access to your course location and six apps want access to your GPS location.
  • Five apps want the ability to add new contacts to your phone and another five apps want to access your contacts list.
  • One privacy app wants the ability to read body sensors that measure things like your steps and heart rate.

Here are the findings from the trusted developers:

  • 18 out of the top 30 apps are based in China or Hong Kong.
  • At least four developers have been publicly identified already for data theft and/or infecting users with malware and adware.

Here are three warning signs to spot a dangerous privacy app: 

  • Too many permissions. If all it does is move your photos to a secure folder but insists on knowing your location, use a less invasive app.
  • It is developed by a company you’ve never heard of. If it’s not made by a reputable developer, stick to brands you already know and trust.
  • If it is free, you’re probably the product. Many free apps on Google Play engage in unethical advertising or simply mine your data and sell it for profit. 

Recommendations before downloading any app from the play store:

  • Make sure to check what permissions it requires to function. You can do this by tapping about this app in the app description, scrolling down and tapping see more next to app permissions.
  • If you feel that the app is asking for too many dangerous permissions, don’t install it.
  • Check the app’s privacy policy. If the policy seems too short, or is written in unclear, broken English, don’t install the app.
  • Google the app developer. If you notice their name mentioned in malware reports or around unethical behavior scandals, skip the app.

CyberNews advises that: ‘Apple iPhone users have much less to worry than the Android users. The app store is a lot more strictly curated, which means that there are very few dangerous apps available for download.

‘This is because of Apple’s strict and manual app review process, which is a lot better suited to detecting malicious apps than the automated process employed by Google Play.’

Earlier this year CyberNews highlighted 30 popular beauty apps that are in fact secretly a danger to users and should be deleted, with activities including accessing private information, introducing malware and/or scraping users’ information for resale.


Image credit: Freepik