By Joe McManus
There are too many events happening at one time during the Olympics, which might tempt you to install an app for that. But be careful of what you install. Not all apps are what they appear to be. As an example let’s look at the app called “London Olympics Widget”.
It appears intended to show the user aggregated 2012 Olympics news. What it really does however is harvest your contact list, device id(IMEI), and reads your SMS messages.
How does it do this? It installs with the following permissions (among others):
The package name is ‘com.games.London.Olympics.widget’. This app has a digital certificate claiming it was developed in New Delhi, India.
Obviously an app for Olympic news does not need all of the above functionality to show you who won the last gold medal. Who could blame you for wanting to keep up on the Olympics? Just exercise caution when downloading apps for your Android Device. The official London 2012 mobile app can be downloaded from the site: http://www.london2012.com/mobileapps_download.html
Although the Amazon Appstore for Android and Google Play sites do not screen every app in the store for malicious code they do remove apps that are reported to be malicious to them.
When installing apps look at who the author/author company is. If the author is listed, search the name and see if it is a reputable or related company. For instance if you look for the Spotify Android app, you will see on the Google Play page that Spotify LTD release the app and is noted as a top developer.
Employ the practice of least privilege, if an app that changes your background wallpaper wants access to your contact list, Twitter and Facebook account you should probably reconsider its use.
Still curious about how to decide what a trustworthy app is? Webroot covers this in detail in the article “7 Common Mobile Security Questions Answered.”
Webroot SecureAnywhere users are proactively protected from this threat.