ADVERTISEMENT

These Android privacy apps might be distributing malware and spying on you

Our analysis of the top-ranked privacy vault apps in the Play store led to several eye-opening revelations. Here’s what you should know.

People with smartphones
Edvardas Mikalauskas
Edvardas Mikalauskas Senior Researcher
Apr 27, 2020 Updated: 19 August 2022 7 min read
Cybernews pro tip

Increase your online security and privacy by encrypting your internet connection and hiding your IP address.

Protect your data now
  • Too many permissions: if all it does is move your photos to a secure folder but insists on knowing your location, consider looking for a less invasive app.
  • It’s developed by a company you’ve never heard of: if it’s not made by a reputable developer, consider sticking to safer options from brands you already know and trust.
  • If it’s free, you’re probably the product: many free apps on Google Play engage in unethical advertising or simply mine your data and sell it for profit, so, make sure to take that into consideration before trusting any free app with your privacy.

Methodology

  • The amount and potential risk of permissions the apps are asking for
  • The reputation of app developers, including their location and any potential history of ad fraud, malware, vulnerabilities or unethical practices

Summary of our results

  • 18 out of the top 30 apps are based in China or Hong Kong
  • One app can take your selfie without asking for permission to use your camera
  • One app developer has been accused of committing ad fraud – its privacy vault app with more than half a billion installs has since been removed from the Play store
  • Two top-10 ranked app developers with more than 60 million downloads in total, had apps identified as malware
  • One app developer’s apps were found to be distributing malware
  • These apps are requesting up to 14 dangerous permissions, 4 on average, most of which are unnecessary for the app to function
  • Unnecessary permissions include recording audio, initiating phone calls, getting users’ exact GPS location, and using body sensors
  • One app asks for a massive list of 170 permissions in total

Dangerous privacy apps in Google Play’s top-30 rankings

This privacy app took my selfie without permission

Why, hello there, "intruder"!
ADVERTISEMENT
Notice something missing? Exactly: where’s the permission to use the camera?

Thanks, but no thanks, Video Hider – Privacy Lock

Malware by any other name

Permissions to spy on you

  • 1 app wants the ability to read body sensors that measure things like steps and heart rate
  • 1 app wants the ability to read and create your events on your calendar
  • 1 app wants the ability to initiate internet telephony sessions (SIP)
  • 3 apps want the ability to initiate phone calls
  • 5 apps want to access your contacts list
  • 5 apps want the ability to add new contacts to your phone
  • 7 apps want the ability to record audio
  • 6 apps want access to your GPS location
  • 8 apps want access to your coarse location (via cell towers and wifi networks)
  • 9 apps want access to your phone state
  • 26 apps want access to your camera
  • 27 apps want the ability to read files on your device
  • 30 apps want the ability to write files to your device

Why do these apps harvest so much of your data?

Summary

  • Make sure to check what permissions it requires to function. You can do this by tapping About this app in the app description, scrolling down and tapping See more next to App permissions. If you feel that the app is asking for too many dangerous permissions, don’t install it.
  • Check the app’s privacy policy. If the link redirects you to a plain Google Docs document or Blogspot page, if policy seems too short, or is written in unclear, broken English, don’t install the app.
  • Google the app developer. If you notice their name mentioned in malware reports or around unethical behavior scandals, skip the app.
App NameRanking onGoogle Playfor "privacy app"Installs March 2020Number of dangerous permissions
Privacy Master - Hide, AppLock#1500,0003
Video hider - privacy lock#2100,0001
App Lock - Privacy lock#3500,0002
Video Vault - photo hider & privacy keeper#4500,0004
Sgallery - Hide photos, hide videos, gallery vault#5100,0003
Vault - Hide Pics & Videos, App Lock, Free Backup#650,000,0009
LOCKit - App Lock, Photos Vault, Fingerprint Lock#710,000,0006
AppLock - Privacy Guard#81,000,0005
Private Photo, Video Locker#95,000,0007
Privacy AppLock - Apps & Photo & Fingerprint#1050,0002
Lynx Privacy-Hide photo/video, Free 5GB Backup#11500,0003
Calculator - Photo Vault hide photos & videos#121,000,0003
AppLock - Lock Apps & Privacy Guard#131,000,0003
Photo Vault PRIVARY: Hide Photos, Videos & Files#141,000,0003
Calculator Vault : App Hider - Hide Apps#155,000,00014
NEV Privacy - Files Cleaner, AppLock & Vault#16500,0003
Hide Photos, Video and App Lock - Hide it Pro#1710,000,0005
Calculator - Photo Vault & Video Vault hide photos#185,000,0003
Calculator Lock – Lock Video & Hide Photo – HideX#1910,000,0004
AppLock#205,000,0003
LOCKED Secret Album = Hide Photo Vault, Video Safe#2150,0003
Calculator Photo Vault - Hide Photos & Videos#22500,0003
Keepsafe Photo Vault: Hide Private Photos & Videos#2350,000,0003
Phantom.me: Invisible & complete mobile privacy#24100,0006
AppLock - Lock Apps & Security Center#251,000,0007
PrivacyGuard-Lock#26100,0005
Private Photo Vault#2710,000,0007
Private App Lock#28100,0002
Applock - Fingerprint Password#2910,000,0003
Security Master - Antivirus, VPN, AppLock, Booster#30500,000,0009
ADVERTISEMENT