Google removes several Android apps that steal Facebook passwords


Google Play Store

Mika Baumeister on Unsplash

The number of Android apps is huge, and the number of apps on Google Play alone is unclear. However, as the gatekeeper, Google still has the responsibility to find out if there is a black sheep in it. Ars Technica ReportRefers to Google’s release on Dr WebreportAfter that, nine apps that were accused of stealing users’ Facebook login information were removed from the shelves. It is worth noting that these apps are not unknown, one of which is called PIP Photo has more than 5.8 million downloads! There are also Processing Photo with 500,000 downloads, and several apps with more than tens of thousands of downloads.

These malicious programs will first take the user to the real Facebook login page, but after entering the data, they will intercept the data and steal authentication cookies. There are five variants of the malicious programs discovered, but they all use the same set of JavaScript code and setting file format to steal data, showing the correlation between them.

Google responded to Ars saying that they have blocked the developers of these apps. However, it is not difficult to make a comeback. You can get a new developer account, so the most important thing is that Google needs to be more careful when approving apps.

This time it shows that even if Google actively audits the apps on the Play Store, there will still be fish that slip through the net, and it is more likely to be discovered after it affects a large number of users. Therefore, as a consumer, the most important thing is to do your homework first. Before downloading an unfamiliar app, check the developer’s background information. If you have any questions, don’t download it.

Posted on