Mobile Threat Monday: Android App Sells Your WhatsApp Conversations - Technology Portal


Post Top Ad

Post Top Ad


Mobile Threat Monday: Android App Sells Your WhatsApp Conversations

Image via Flickr user Tiago A. Pereira F-Secure analyzed a particularly nasty Android app that targets users of the popular messaging service WhatsApp. For those not in the know, WhatsApp is among a growing class of messaging services that let you chat and send media to other users for free. It's particularly popular outside the US, or among people who don't want to pay to send text messages.
Once the dangerous app is installed, said F-Secure, it uploads your WhatsApp conversations to another website where anyone with your phone number can purchase copies.
The actual app to watch out for is called BalloonPop2. F-Secure and others report that it was available in Google Play for a time, but has since been removed. It's currently available from the developer's website.
Once installed, the game actually works—though it is a dull, stripped-down affair. But F-Secure explained that behind the scenes, the app is figuring out the details of your WhatsApp account. It also checks your SIM card's serial number, presumably to match your WhatsApp account to a phone number.
The app then copies the contents of two directors associated with WhatsApp: the entire contents of your Profile Pictures folder, and then files ending with ".db.crypt" contained in WhatsApp/Databases/.
BalloonPop2 then uploads your files to the WhatsAppCopy website, where anyone can search for them through your phone number. If they want a copy of your conversations, they only need to pay a fee to WhatsAppCopy. What's not clear is if those files are readable. SecruityWatch is investigating whether the files BalloonPop2 swipes are encrypted or not.
WhatsAppCopy might seem obviously illegal, but from reading the WhatsAppCopy website (translated from Spanish via Google) the entire operation is framed as a "backup" service. The idea being that you'd install the game on your own device and purchase your own records. This is a pretty flimsy excuse, considering that the app used to copy your data isn't sold as a backup app, and that it's named in a way that encourages confusion with a number of popular Android games. It's clearly meant to deceive.
At best, WhatsAppCopy and BalloonPop2 fall into the grey-area of surveillance apps. These apps capture text messages and calls, and are targeted at people looking to spy on their significant others. At worst, it's a blatant attempt to steal your data and sell it.
How To Stay Safe
Since WhatsAppCopy's BalloonPop2 app was removed from Google Play, there's little to fear from accidental infection. By default, Android devices block apps from sources other than Google Play and it's a good idea to leave this option turned on.
Without a foothold in Google Play, someone would have to link you to the app and convince you to install it. You should always be wary of links regardless of who sends them, but be particularly skeptical of anything that initiates a download onto your Android. This, of course, assumes that WhatsAppCopy doesn't have its claws in any other apps on Google Play.
For Android users, this is a reminder that messaging isn't always safe. If it's not the NSA looking at your text messages, the companies themselves might mishandle your information. If security is your primary concern, consider other services like TextSecure or Wickr.


No comments:

Post a Comment

Post Top Ad