A study carried out recently but mobile security company, Lookout discovered that four apps available on the app store are running software that allows the app to collect details on the users’ location, who they have been emailing and when.
“The information is incredibly valuable to an attacker who wants to find out where a person is and who they’re talking with” said Kristy Edwards, product manager for security research at Lookout.
One of the apps that has this malicious software installed called Embassy, lets users look up their nation’s embassy in foreign cities. Unbeknown to the user, the app has collected contact details and sent email lists to accounts hosted on Amazon and Facebook,
The other three apps advertised themselves as news apps but didn’t even work when the user opened them, however they all contained the software that Lookout has dubbed Overseer.
Edwards is unable to identify the creator of Overseer; however, she has said that the software avoids detection in a very unique way.
Malicious software can usually be detected as it sends data to unusual servers in foreign countries. Overseer sends information to a Facebook hosted account which makes it very difficult to catch.
Google have since removed the apps from the Google play store but declined to comment further.