Android App Analysis Uncovers Seasonal Shopping Risk

Researchers scanned 4,200 Android apps and found many exhibit malicious behavior or have a dangerous level of permissions.

Be careful what you download: A recent analysis of 4,200 Android applications reveals how attackers leverage mobile apps to defraud users, especially during the holiday shopping season.


Barracuda Networks researchers analyzed more than 4,200 holiday-related Android apps, such as shopping apps, themed games, and Santa video chats. Seven exhibited malicious behavior, such as replacing the app with a version downloaded from the Internet via a C2 server. Thirty-five contained adware, while 165 had "excessive or dangerous combination of permissions."


Senior security researcher Jonathan Tanner says he was surprised by the nature of some holiday apps. When searching for Black Friday and Cyber Monday apps, researchers saw many described as "aggregate shopping apps" where users can browse a variety of retail websites.


"I would presume that for some of these sites … the app would require you to enter your account credentials for the specific site, so users would be offering all of their various shopping credentials to a single app that undoubtedly has far less security around protecting this data than the actual shopping sites," says Tanner of the potential risk. Even if the apps are safe from a malware perspective, there is a risk of credentials leaking from a number of sites in one app.


Many of the apps laced with adware seemed to be related to DIY gift projects, which Tanner notes is surprising given the range of apps downloaded. On the surface, many – like those advertising coupons and deals – seem more likely to leverage suspicious ad networks.


Tanner warned of apps requesting more permissions than they need, a risk that merits close attention from users. At least half of the apps that requir ..
