Android spyware with over 1.5 million downloads sends your data to China - eviltoast

Two file management apps on the Google Play Store have been discovered to be spyware that quietly sends user data to servers in China.

  • Tankaus@lemmy.world
    arrow-up
    123
    ·
    1 year ago

    The fishy apps are File Recovery & Data Recovery and File Manager, according to an alert this week from Pradeo, a leading mobile cybersecurity company. The apps, both from the same developer, are programmed to launch without any input from the user and quietly send sensitive user data to servers based in China.

          • L3s@lemmy.worldM
            arrow-up
            11
            arrow-down
            3
            ·
            edit-2
            1 year ago

            Edit: I’ve realized I’m wrong below. A bot is a bot, and mine is no exception. Sorry to anyone who felt deceived, that was not my intention.

            @BettyWhiteInHD@lemmy.world my apologies for not replying, I read your message while updating a bunch of code for the bot and forgot to reply.

            When I made L4s I had gone through Lemmy’s Code of Conduct, and didn’t see where that was required for bots? If I misunderstood the Code of Conduct I will gladly mark it as a bot, or if the admins of lemmy.world clarify to me they want it to be done. Please let me know if you are aware of where it is required, as I want to abide by the rules here, and don’t want to annoy anyone. Maybe @ruud@lemmy.world could clear this up for me, I know he is extremely busy though.

            The goal of L4s is to help jump-start communities and content, and I felt 99% of people uncheck “show bot accounts” since they don’t want what would be the equivalent of “automod”, spellchecker bots, etc to show up - not something that’s bringing them content they subscribed to or previously enjoyed on reddit.

            So far it’s helped multiple communities that way (see !technology@lemmy.world prior to its posts, and a few days after, it’s now the largest “active users” community on all instances), and has sparked a lot of conversations in the posts. The reason I bring that up is most have not complained about the fact it’s not checked, even though I do not hide that it’s a bot in any way, and most enjoy seeing the content it posts. Checking that would mean that those who don’t quite understand there are content bots, would no longer see these posts.

            Also, yes, I’m a mod here. My role irl is very deeply technology related, that is what I enjoy. In my free-time I have been trying to make Lemmy.World one of the best instances as far as content, and helping keep !technology@lemmy.world on-topic and toxic free.

            • Rentlar@lemmy.ca
              arrow-up
              19
              ·
              1 year ago

              I second the suggestion to mark @L4s@lemmy.world as a bot. Regardless of what the CoC says, it would be unethical not to.

              In this thread people were complaining about how the body contained insufficient information, and the copied title of the article is click bait. A human poster would be able to respond to these concerns whereas a bot cannot.

              I think it would be overall healthier for the Fediverse as a whole if the bot-marking feature was widely respected and exceptions like this were not taken.

              • eroc1990@lemmy.parastor.net
                arrow-up
                12
                ·
                1 year ago

                This was my main concern. It felt very low effort and felt like a Reddit karma farmer, not a bot meant to spark discussion within the community. I wouldn’t have had an issue with the content if it was clear that the post was made by a bot.

              • L3s@lemmy.worldM
                arrow-up
                11
                arrow-down
                1
                ·
                edit-2
                1 year ago

                Edit: I’ve realized my mistake and will just leave it on, my bot is not above any other, and my goal doesn’t justify not checking the box.

                That’s a fair point, and seeing that a lot of people would prefer it be on, I will probably reconsider my stance regardless of what the admins say.

                • Rentlar@lemmy.ca
                  arrow-up
                  6
                  ·
                  1 year ago

                  I still appreciate your work in modding and creating tools that help make Lemmy.world thrive. Thanks for your consideration as well.

              • L3s@lemmy.worldM
                arrow-up
                3
                arrow-down
                7
                ·
                edit-2
                1 year ago

                And respectfully, I don’t think it’s up to you to make that distinction for users that choose to opt out of seeing bot accounts.

                Not to sound rude here, but I feel the same about you asking me to check that box.

                Again, if the admins request me to check it, I will do it - or if the Code of Conduct changes. Let’s see what they say in the post you made on !support@lemmy.world and go from there.

                I was rude and wrong here.

                • cyanarchy@sh.itjust.works
                  arrow-up
                  4
                  ·
                  1 year ago

                  Not to sound rude here, but I feel the same about you asking me to check that box.

                  Task failed. These provisions were made with the expectation that individuals such as yourself would act in good faith. It’s alarming to hear that a moderator of any community feels they are above that standard.

            • techt@lemmy.world
              arrow-up
              6
              ·
              1 year ago

              I agree with the sentiment from the others here, but I also wanted to add that as a general rule, you shouldn’t behave in a way that would be detrimental for the community if everyone did it. Bots should be marked as bots, or the user preference switch to show content from bots is meaningless regardless of how positive or influential you think yours is – as I’m sure most bot creators feel about their own work.

              It’s understandable that you want to have a positive impact, and that is commendable, but your bot shouldn’t be an exception just by your own judgment, especially considering the problems with what the bot is doing that have been pointed out to you.

              Just my take. I would prefer your bot, and all bots, be marked as such irrespective of function.

              • L3s@lemmy.worldM
                arrow-up
                1
                arrow-down
                1
                ·
                1 year ago

                Yes. If you keep reading, I acknowledge that. A bot is a bot, mine is no exception.

        • eroc1990@lemmy.parastor.net
          arrow-up
          5
          ·
          1 year ago

          I noticed that after my comment. Still a low quality post from a bot seemingly farming for clicks through to articles, where a description summary from a human or better parsing from the bot could have improved the quality of the post.

          • TheGoldenGod@lemmy.world
            arrow-up
            5
            ·
            1 year ago

            Agreed, the amount of clicks for the article would increase exponentially if they actually added context for those of us who never click these links.

  • betterdeadthanreddit@lemmy.world
    arrow-up
    12
    arrow-down
    2
    ·
    1 year ago

    I’m sure it was an honest mistake. Who hasn’t tried setting up a println("Hello World") and accidentally forwarded all their keylogger data to the CCP?

    • The_Vampire@lemmy.world
      arrow-up
      1
      ·
      1 year ago

      Who said the US wasn’t bad?

      This is just a strawman argument, just because we’re talking about being lit on fire does not mean the alternative of being dipped in acid is good but you know I’d rather not be simultaneously lit on fire while being dipped in acid if I can help it.