Nine Rogue Android Apps to Delete Right Now

Nine popular Google Play apps were actually scams to steal Facebook logins according to a security company. Although Google has removed some of them, they may still be on devices.

All the apps were promoted as performing a simple task and appear to have worked as designed. Although that meant more effort for the developers, the idea was to make users less suspecting that the apps were actually harmful.

The affected apps had the following names and functions:

• App Lock Keep (child safety tool)
• App Lock Manager (child safety tool)
• Horoscope Daily (astrology)
• Horoscope Pi (astrology)
• Inwell Fitness (health)
• Lockit Master (child safety tool)
• PIP Photo (image editing)
• Processing Photo (photo editing)
• Rubbish Cleaner (device optimization)

While the apps all worked as promised, users were told they could access additional features or remove in-app adds by logging in to their Facebook accounts.

Facebook Login Was Legit

The app would then load a genuine Facebook login screen and, once the user typed in their login details, take them to the real Facebook site and automatically log in. However, the app would also pass on the login details to a server operated by the scammers.

Security company Dr Web analyzed the code of the rogue apps and says that although Facebook was likely the target as it is so widely used, there's no technical reason why the approach could have been modified to target other sites and services. (Source: drweb.com)

Google Play Security No Magic Bullet

The code didn't reveal what the scammers did with the stolen login details. The simplest option would be selling batches of account details to hackers on the black market. More sophisticated options include going through the account and either posing as the user to target their friends with further scams, or gathering personal information to use for identity theft.

As well as uninstalling the apps immediately, users who remember typing in Facebook login details should change their password immediately. (Source: lifehacker.com)

It's also a good reminder that while it's safest to stick to Google Play for Android apps, it doesn't offer a 100 percent guarantee that apps are safe. Sticking to well-known and trustworthy app developers can further reduce risks.

What's Your Opinion?

Would you think twice about logging into a social media account while using a third-party app? Should Google remotely uninstall apps from devices when it removes them from Google Play for security reasons? Could it do more to vet apps in the first place or are such scams inevitable?