Android fans are once again on high alert about mobile apps lurking on their handsets. There have already been a number of similar warnings over the past few months, but this latest threat could be one of the worst – with experts saying it could affect millions of devices across the world. If you’re one of those impacted, you need to act fast.
The security team at VPNpro, discovered a popular app with over 100 million installs has been requesting potentially dangerous permissions which could leave anyone who has downloaded it open to attack. Hackers could also use personal details stolen from the app to make money behind your back.
The app, known as VivaVideo, is one of the biggest free video editing apps for Android. Although it might appear harmless enough, it seems that once the app is installed it will request access to numerous settings, including being able to read and write files to external drives, plus getting access the user’s specific GPS position even when they’re not using the application.
Clearly, not all of this data is required to trim a video clip to share on your social media account and the fact it wants to know where you are is a concern. One of the most lucrative data types for bad actors is accurate location data as this can allow apps to send an update of where you’ve been 14,000 times per day – even when you’re not using the app.
READ MORE: Android ALERT: Google Play Store apps pose massive risk and they could be on your phone
This data can net app developers a good sum of money, with some data brokers paying $4/month for every 1,000 active users. This is not the first time that VivaVideo has been under the spotlight as it was identified as spyware by the Indian intelligence community in 2017 with a recommendation to delete it immediately.
The company behind the app, QuVideo Inc, also has a number of other services available on the Play Store with VPNpro stating that they could all be being used to sell information to data brokers. There’s also the possibility that more malicious things happening in the background.
Out of the 5 confirmed apps within the QuVideo network, two have a known history of malware, one spyware, and another a remote access trojan.
The apps include VivaVideo • VivaVideo PRO Video Editor HD • SlidePlus – Photo Slideshow Maker • Tempo – Music Video Editor with Effects • VivaCut – Pro Video Editor APP • VidStatus – Status Videos & Status Downloader
These apps have more than 157 million installs combined. But the number is likely much bigger – while VivaVideo’s Google Play page shows it has 100 million+ installs, its About Us page shows that it already has 380 million users worldwide.
If you want to keep using any of the apps but are concerned about this latest news then VPNpro says it’s a wise move not granting the dangerous permissions these apps are requesting. Alternatively, if users still don’t feel comfortable with this, they always have the option to delete the apps entirely.