Hello, welcome to the Monday, September 23rd, 2019 edition of the Sandsenet Storm Storners, Stormcast.

My name is Johannes Ulrich, and I'm recording from London, England.

Mobile Security Company One Dara came across some suspicious applications in Google's Play Store. Both applications they looked at are selfie apps.

Essentially, applications allow you to apply different filters to images before you upload them,

and both have permissions and are using these permissions to display ads. Of course, there are plenty of mobile applications that use advertisements to monetize the

application itself.

In this case, however, they're going a little bit further than just displaying simple ads.

For example, this application creates a shortcut to itself, then deletes the actual

application icon, making it more difficult to delete the actual application. If a user now

deletes the shortcut, believing that they remove the application, well, they actually didn't. Next,

the application also obtains the system alert window permission.

This allows the application to display full page ads on the mobile device,

and it does at least one of these applications.

Also ask for the receive boot completed permission,

which allows it to launch itself once

the phone is started.

So in the end effect, what you end up with is an application that is hard to install and

that will display full page ads after your phone booted.

Now these applications had pretty bad ratings but still

somehow one and a half million users downloaded them. One of the problems may also be

that probably for many users the Android permission system is a little bit cryptic so they

tend to just click okay in this

...