Beware of Malicious Olympic 2012 Android Apps

by


By Joe McManus

There are too many events happening at one time during the Olympics, which might tempt you to install an app for that. But be careful of what you install. Not all apps are what they appear to be. As an example let’s look at the app called “London Olympics Widget”.

More details:

It appears intended to show the user aggregated 2012 Olympics news. What it really does however is harvest your contact list, device id(IMEI), and reads your SMS messages.

How does it do this? It installs with the following permissions (among others):

android.permission.READ_CONTACTS

android.permission.READ_SMS

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_LOCATION

The package name is ‘com.games.London.Olympics.widget’.  This app has a digital certificate claiming it was developed in New Delhi, India.

Obviously an app for Olympic news does not need all of the above functionality to show you who won the last gold medal. Who could blame you for wanting to keep up on the Olympics? Just exercise caution when downloading apps for your Android Device. The official London 2012 mobile app can be downloaded from  the site: http://www.london2012.com/mobileapps_download.html

Although the Amazon Appstore for Android and Google Play sites do not screen every app in the store for malicious code they do remove apps that are reported to be malicious to them.

When installing apps look at who the author/author company is. If the author is listed, search the name and see if it is a reputable or related company. For instance if you look for the Spotify Android app, you will see on the Google Play page that Spotify LTD release the app and is noted as a  top developer.

Employ the practice of least privilege, if an app that changes your background wallpaper wants access to your contact list, Twitter and Facebook account you should probably reconsider its use.

Still curious about how to decide what a trustworthy app is? Webroot covers this in detail in the article “7 Common Mobile Security Questions Answered.”

Webroot SecureAnywhere users are proactively protected from this threat.




About the Author

Name:
Role: None



Trackbacks

  1. [...] doesn’t link to the original report, which can be found here. According to Rachel, the report was sent to her under embargo and published on a timer before the [...]

  2. [...] doesn’t link to the original report, which can be found here. According to Rachel, the report was sent to her under embargo and published on a timer before the [...]

  3. [...] (Source: Webroot threat blog. Author: Joe McManus) [...]

  4. [...] app called “London Olympics Widget” seems harmless enough, but according to Webroot’s security blog, it actually rifles through your contacts, device info, and text [...]

  5. [...] app called “London Olympics Widget” seems harmless enough, but according to Webroot’s security blog, it actually rifles through your contacts, device info, and text [...]

  6. [...] app called “London Olympics Widget” seems harmless enough, but according to Webroot’s security blog, it actually rifles through your contacts, device info, and text [...]

  7. [...] app called “London Olympics Widget” seems harmless enough, but according to Webroot’s security blog, it actually rifles through your contacts, device info, and text [...]

  8. [...] app called “London Olympics Widget” seems harmless enough, but according to Webroot’s security blog, it actually rifles through your contacts, device info, and text [...]

  9. [...] app called “London Olympics Widget” seems harmless enough, but according to Webroot’s security blog, it actually rifles through your contacts, device info, and text [...]

  10. [...] app called “London Olympics Widget” seems harmless enough, but according to Webroot’s security blog, it actually rifles through your contacts, device info, and text [...]

  11. [...] app called “London Olympics Widget” seems harmless enough, but according to Webroot’s security blog, it actually rifles through your contacts, device info, and text [...]

  12. [...] app called “London Olympics Widget” seems harmless enough, but according to Webroot’s security blog, it actually rifles through your contacts, device info, and text [...]

  13. [...] app called “London Olympics Widget” seems submissive enough, though according to Webroot’s confidence blog, it essentially rifles by your contacts, device info, as good as content [...]

  14. [...] story so far: On Monday, security vendor Webroot posted a note on their threat blog warning of possible malware programs masquerading as a London Olympics [...]

  15. [...] story so far: On Monday, security vendor Webroot posted a note on their threat blog warning of possible malware programs masquerading as a London Olympics [...]

  16. [...] story so far: On Monday, security vendor Webroot posted a note on their threat blog warning of possible malware programs masquerading as a London Olympics [...]

  17. [...] story so far: On Monday, confidence businessman Webroot posted a note on their hazard blog warning of probable malware programs masquerading as a London Olympics [...]