Pre-installed weather app has been harvesting email addresses and mobile identity numbers
Android users have another security scare on their hands after security experts warned that a pre-installed weather app is harvesting personal data.
The warning, from security specialists Upstream Systems, alleges that ‘Weather Forecast – World Weather Accurate Radar’, which is both available on the Google Play Store and pre-installed on Alcatel and BlackBerry-branded smartphones, is syphoning off personal data.
The app is made by China-based TCL Communication Technology Holdings Ltd, which also manufactures the BlackBerry and Alcatel smartphones under licence.
The app is popular, having been downloaded more than 10 million times.
Upstream Systems said it began its investigation after “an unusually high number of fraudulent transaction attempts in Brazil and Malaysia” from Alcatel devices.
Digging deeper, Upstream Systems alleged that it had “identified that a pre-installed Weather forecast application, siphons a lot of data and attempts the fraudulent transactions.”
“It collects and transmits geographic locations, email addresses, IMEIs to a server in China and has a number of privacy invasive permissions on the device,” stated Upstream Systems.
“Had it not been blocked it would have succeeded to subscribe users on Alcatel phones in countries like Brazil, Malaysia and Nigeria to paid services for which users would have been billed more than $1.5 million,” the security firm added.
The Upstream Systems researchers placed an Alcatel handset in a sandbox and “the com.tct.weather Android application immediately initiated calls to servers that are not related to the application’s main function.”
The app then also began accessing web pages with digital ads in the background and clicking the buttons on those pages, committing click fraud, said Upstream.
Advertising click fraud is where a malicious app or process bombards websites with false traffic to earn advertising revenue.
“Tens of millions of Android Smartphone users across the globe are being affected similarly when downloading TCL’s Weather-Simple weather forecast from Google’s official Play Store,” wrote Upstream. “Overall, whether pre-installed on Alcatel devices or downloaded from Google’s official Play Store, the application com.tct.weather has generated over 27m fraudulent transaction attempts across 7 markets.”
Android phones have been plagued with security scares for years now.
Last month, for example, security firm Sophos identified 22 Android apps that were compromised with malware to enable advertising click fraud.
Last year Avast warned that many affordable Android smartphones ship preloaded with malware out of the box.
The firm identified over several hundred phones from the likes of ZTE, MediaTek, Archos and Blaupunkt, among others, as being shipped with the Cosiloon adware, which is reportedly very difficult to remove.