The Connection, Inc Blog

The Connection, Inc has been serving the New Jersey area since 1992, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.
Categories
Tags
Categories:   All Categories
Suggested keywords
x

Just Because an App is on the Google Play Store, Doesn’t Mean it’s Safe

Just Because an App is on the Google Play Store, Doesn’t Mean it’s Safe

If your employees are given an Android device to use for work, or if they bring in their own as a part of BYOD, you may want to pay special attention to what follows.

Google has just removed a piece of malware that managed to make its way into the listings of the Google Play Store. Disguised as a strategic card game called “Beaver Gang Counter,” the malware seemed at first glance to be a harmless enough app to download as a way to pass some time every now and then. This impression unfortunately turned out to be inaccurate for a few different reasons.

So Why Was it a Threat?
First, the app itself reportedly was a bit of a one-trick pony, losing any of its entertainment appeal very swiftly. Of course, what does one do with an app that one has grown bored with and no longer wants? One deletes it, to make room for other apps that one will have more use for, but not before the second factor that makes the “harmless” impression inaccurate comes into play.

The disguised malware would specifically target those whom also had Viber, the vastly more popular communications app, installed on their device. Once the Beaver Gang Counter app was installed, the malware would access the directories contained in Viber as well as uploading any of the user’s Viber images to an external website.

Google has since denied Beaver Gang Counter from the Play Store, and thus far it seems that little damage was done. However, the entire situation asks the question: how did this happen?

There were ultimately a number of factors that led to Beaver Gang Counter having the ability to access files belonging to another app - an ability that the Android platform is supposed to block. However, the measures put in place by Android do nothing to prevent the review of data saved on the SD removable storage.

Due to the expectation of inter-device compatibility that comes with SD cards, the inter-app file sharing that Android usually blocks is left unfettered in the SD storage, depending on the permissions granted at install. Therefore, if assigned to SD memory (as it would have been in almost all cases), Beaver Gang Counter could potentially access any and all data saved to the SD - the malware developers had simply chosen to target Viber users specifically.

So What Happened?
However, there’s an excellent case to be made that the app should never have reached the Google Play storefront at all, and that Google’s review process seems to need some work.

Upon opening the app, you are brought to the game’s main menu screen, with the following options: Help, Players, Statistics, and the all-important New Gane. Yes, you read that right. New Gane. There was a spelling mistake, right there on the most important element of the main menu, visible from the download screen itself, that Google either missed or disregarded without digging any deeper.

What Does this Mean for my Business?
While Beaver Gang Counter didn’t target anything that would likely damage a business if the malware infiltrated a business-provided or BYOD-implementing device, it really makes one consider how many other apps may be out there that could potentially cause harm to a business through similar actions. The only truly clear lesson to be learned from this story is that Google isn’t infallible, and so they cannot be relied upon to defend your company from all threats that are sent through their systems. Ultimately, it falls to you to pick up the slack, and so you should implement the following best practices.

  • Steer clear of unknown apps: If nobody is talking about an app, there’s a better chance that it is a less safe option (and that’s the best case scenario). Avoid utilizing unknown and unreviewed apps on business devices. Furthermore, despite their failure to catch Beaver Gang Counter, Google’s marketplaces for apps are still much safer than the unregulated Android marketplace that are out there.
  • Keep important data on your actual device: Clearly, Android prioritizes the protection of data on its native storage over that of data stored on removable media. Therefore, you should keep this in mind as you elect where to store data of different levels of importance, critical files on the device itself.
  • Set terms for employee devices: This will admittedly be simpler to enforce with company-provided devices, as BYOD relies on the employee using their own property and therefore a device that they have control of. While you may disable non-company approved apps in devices provided by the company, you may have to take a few extra steps to implement a BYOD policy. A mandatory security solution may be a fair term for an employee wishing to use their own device, as well as required security best practice training.
  • By implementing these practices, you just may be able to keep an issue like this one from affecting your company sometime down the line.

For more IT news and best practices, be sure to keep checking back on our blog, and be sure to reach out to The Connection, Inc if you have any questions about your own security. Give us a call at (732) 291-5938.

Tags:
Security Malware Apps
Professional Football Teams Use Virtual Reality to...
Tip of the Week: Protect Your Online Identity With...

About the author

George Gremminger

George Gremminger

George's career in high technology systems began in 1985 at ESS in Atlantic Highlands, NJ, where he spent two years doing voice & data cabling, phone system installation, and service & maintenance. He then spent four years with Atlantic Telecom Services in Leonardo, NJ running their service and installation department, honing his skills in fiber optic lines, cabling, and phone systems.

In 1992, George drew on his years of experience and established The Connection, Inc.

As Owner, President and Senior Systems Engineer, George oversees all operations on a day-to-day basis. You might find him out in the field troubleshooting a telephone system, on a lift 30 feet in the air hanging fiber optic cable, or in the office helping with hardware or software issues. George is certified in a wide range of technologies and systems, including Microsoft, Sonic Wall, Mitel and Samsung.

George is a dedicated hands-on manager, ensuring every aspect of The Connection, Inc.’s operation runs smoothly. Whether it's 3 AM, or a Saturday afternoon, George is dedicated to helping their customers get connected and Stay Connected! His dedication to the community is clear, as he is a long-time volunteer member and President of the Leonardo First Aid Squad and a long-time volunteer member of the Community Fire Company of Middletown Township.

You can reach George at or 732-291-5938 ext. 500.

Author's recent posts

More posts from author
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 07 November 2024

Captcha Image

Posts by Topic

Tag Cloud

Blog Archive

2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014

Mobile? Grab this Article

QR Code

Free Consultation

team work

Interested in seeing what we can do for your business? Contact us to see how we can help you!

Sign Up Today!

News & Updates

The Connection, Inc Celebrates 32 Years as a Trusted Technology Provider!
The Connection, Inc. Celebrates 32 Years as a Trusted Technology Provider!   Since our founding in 1992, technology and the way we operate and do business has changed a lot. Companies that have adapted and aligned themselves with ...
Read More

Contact us

Learn more about what The Connection, Inc can do for your business.

The Connection, Inc
51 Village CT
Hazlet, New Jersey 07730

Copyright The Connection, Inc. All Rights Reserved. | Privacy Policy