Here we go again—please don’t install trivial apps from random developers because they seem fun and have tons of downloads on the Play Store. The latest warning has come from the research team at CyberNews, exposing “camera apps with billions of downloads [that] might be stealing user data and infecting them with malware.”
The team focused on so-called “beauty cameras,” you know the drill—flash filters to spice up or add comedy filters to selfies before they’re posted and shared. And while users expect “a makeup or cartoon filter,” CyberNews warns, “you’re not expecting these apps to scrape and sell your data, plague you with nonstop, malicious ads, redirect you to phishing websites, or even spy on you.”
But that’s exactly what happens. The team analysed the top “beauty camera” search results on the Play Store, and didn’t have to delve deep. The report from CyberNews says that BeautyPlus, the number-one app with 300 million installs, “was identified as malware or spyware,” its developer alleged to be collecting data on servers back in China from where it was being sold. That would be your data, remember.
As we so often see, most of the apps emanate from China. And, again as we so often see, several were linked back to the same developer network. Those common developer roots mean common code sets and methodologies. More apps simply means more downloads. More users. More data. More money.
If your suspicions are not triggered by these free apps with countless downloads by now, then take a look at the permissions being requested. That’s the danger here. These apps will often look for access to your data, contacts, camera, even your phone. And whatever threat they represent in themselves—perhaps simply selling your basic data to target you with ads, once those permissions are granted, you have left yourself open. Remember, apps such as these link back to malicious operators and their command and control servers. That means your device is connected to them.
Beyond fraudulent ads, apps can target users with phishing messages with links to malicious URLs they can plant malware, arrange the install of further malware, track your device, even—in extreme cases—access elements of your device as spyware.
CyberNews investigated the top-30 search results, finding an app that turns on a user camera without asking permission first, another app installing malware through its software, even an app accused of “sending users pornographic content, redirecting them to phishing sites, or collecting their pictures.” The team also found that nearly half the apps access GPS locations, 23 access device microphones and 29 access device cameras—unsurprising for a photo app. 29 of the apps also seek permission to read user data. Once those permissions are granted the apps have free rein.
As ever with such malicious apps, a small number of permissions are genuinely required to function as advertised. But a raft of other permissions are requested by almost all of them. Let’s face it, these operators are not plugging legitimate software. Even the most benign are seeking to sell dodgy ads. So you can assume harm from all.
The full list of 30 apps can be found here and is listed below:
- BeautyPlus – Easy Photo Editor & Selfie Camera
- Beauty Camera – Selfie Camera
- Selfie Camera – Beauty Camera & Photo Editor
- Beauty Camera Plus – Sweet Camera & Makeup Photo
- Beauty Camera – Selfie Camera & Photo Editor
- YouCam Perfect – Best Selfie Camera & Photo Editor
- Sweet Snap – Beauty Selfie Camera & Face Filter
- Sweet Selfie Snap – Sweet Camera & Beauty Cam Snap
- Beauty Camera – Selfie Camera with Photo Editor
- Beauty Camera – Best Selfie Camera & Photo Editor
- B612 – Beauty & Filter Camera
- Face Makeup Camera & Beauty Photo Makeup Editor
- Sweet Selfie – Selfie Camera & Makeup Photo Editor
- Selfie camera – Beauty Camera & Makeup camera
- YouCam Perfect – Best Photo Editor & Selfie Camera
- Beauty Camera Makeup Face Selfie, Photo Editor
- Selfie Camera – Beauty Camera
- Z Beauty Camera
- HD Camera Selfie Beauty Camera
- Candy Camera – selfie, beauty camera & photo editor
- Makeup Camera-Selfie Beauty Filter Photo Editor
- Beauty Selfie Plus – Sweet Camera Wonder HD Camera
- Selfie Camera – Beauty Camera & AR Stickers
- Pretty Makeup, Beauty Photo Editor & Selfie Camera
- Beauty Camera
- Bestie – Camera360 Beauty Cam
- Photo Editor – Beauty Camera
- Beauty Makeup, Selfie Camera Effects & Photo Editor
- Selfie cam – Bestie Makeup Beauty Camera & Filters
You can check to see if any of them have been downloaded, and if so, ensure they are deleted right away. But, here’s some simpler advice. If you have installed any kind of beauty camera from the Play Store, it might be an idea to delete it just in case. “There are bigger, more dependable apps out there that have similar features,” CyberNews suggests, apps that are “more accountable and with a clearer ownership structure.”
The team suggests the likes of Messenger, Snapchat and Instagram. I don’t have to remind you of the issues that those apps also have, albeit of a different variety and scale. And so the core advice to be careful what you download and the permissions you grant is relevant for everything on your device. No easy answers, I’m afraid.