Privacy and security research firm VPNpro has discovered six dangerous Android antivirus apps that have a total of 1.66 billion downloads available in the Google Play Store. These six free Android antivirus apps ask users to explicitly agree for dangerous permissions that they are not required to operate. And there is simply no legitimate reason for them to do so. Downloading these antivirus apps has resulted in putting users themselves as well as all of their precious data at risk.
So, my advice here is pretty straightforward. Even if you are installing an antivirus app from Google Play Store, make sure it is a well-known brand and you are familiar with the permission is required to operate on. Downloading free apps onto Android devices is always a risk, especially if they are from unknown developers.
Free Antivirus apps – Dangerous Permissions
These six Android antivirus apps asking for dangerous permissions such as access to the microphone, camera, making calls, reading and writing files, and much more.
In order to function, antivirus apps require only certain permissions such as accessing the internet to scan and pull down virus data, reading and writing storage (READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE) to find out and deal with threats and more.
So, antivirus apps requesting dangerous permissions including accessing the camera and the microphone, recording audio, making phone calls, recording location data can seem quite suspicious and cause you to harm.
According to VPNpro, the antivirus apps use the dangerous permissions granted during set-up to collect user data and sent it back to their handlers who in turn can make premium calls, deliver fraudulent ads or even engage in subscription fraud. Some of these apps will even demand payment before you're able to delete this malicious software from your device. So, you'll be paying twice, first with your private information, and second with your credit card.
The following are the six apps that downloaded more than 2 billion times requesting dangerous permissions and if you have any of the following apps you should uninstall them from your device immediately.
- Clean Master - Antivirus, Applock & Cleaner (1 Billion+ installs)
- Security Master - Antivirus, VPN, Applock, Booster (500 Million+ installs)
- Virus Cleaner 2019 - Antivirus, Cleaner & Booster (50 Million+ installs)
- Super Phone Cleaner: Virus Cleaner, Phone Cleaner (50 Million+ installs)
- Virus Cleaner, Antivirus, Cleaner (MAX Security) (50 Million+ installs)
- Antivirus Free 2019 - Scan & Remove Virus, Cleaner (10 Million+ installs)
These apps are highly popular and they are potentially dangerous by having explicit permissions these apps can track, can open the camera and access phone without user knowledge.
The research conducted against 15 most popular free antivirus apps from Google Play Store to check which type of permissions they are looking for. Out of 15 apps, 12 apps belong to developers based in China or Hong Kong.
Following are the dangerous permission requested :
From the above table, you can see that the ability to write to external storage is requested by every single app, while the ability to record audio is only requested by one app named Security Master - Antivirus, VPN, Applock, Booster, the #1 free antivirus app on the Google Play Store.
Even though these apps have been found guilty of these malicious activities in the past, they're still available on Google Play Store and millions of installs happen every month.
Why do these apps want these dangerous permissions?
For the most part, the answer is pretty simple : money.
The simple truth is that data is a very, very big business. It's expected to reach $274 billion by 2022.
When it comes to apps, the most profitable data comes from location permission that was requested by 9 out of the 15 antivirus apps (shown in the above table).
Specifically, these apps are looking for ACCESS_COARSE_LOCATION and ACCESS_FINE_LOCATION, by having this permission they can closely track the user's location, these data are sold to data brokers by app developers.
Mobile apps can send user's location data every 2 seconds, and in some cases, more than 14,000 times per day to various third-party companies. Paris based data broker Teemo offers $4 per thousand users per month. If only 1% of Security Master's 500 million users were active, it would earn $20,000 every month.
So, It's simple than the more data you can get (meaning more dangerous permissions per user) the more money you'll earn each month.
So, when selecting antivirus app for your phone, consider these questions first :
- Do I really need an antivirus app? For the most part, the answer is no - unless you're installing unofficial apps on your device or not updating your other apps or device.
- Is this an app from a reputable developer? If it isn't, you might want to choose one from a well-known brand.
- Does this app really need these dangerous permissions? Usually, they don't. But sometimes, by denying certain permissions, the entire app may not work. At the point, you'd have to consider a different antivirus app.
These dangerous apps are huge privacy threats for users, a detailed analysis to be done before installing any free app from Google Play Store.
I hope you find worthful information in this article. If you have any questions then please mention in the comments section and I will get back to you and stay tuned with my blog to learn interesting things related to cybersecurity and hacking.