By Song Wang (Mobile Threat Analyst)
At the start of the year, Google updated its permission requests in Android applications, and in particular, restricted access to SMS and CALL Log permissions. Google also added requirements for non-default applications (or those that don’t provide critical core features), allowing them to prompt and ask users for permission to access the device’s data.
This restriction is meant to prevent fake or malicious apps from abusing these features to deliver malware, steal personally identifiable information, or perpetrate fraud. But as last year’s mobile threat landscape showed, fraudsters and cybercriminals will always try to follow the money, whether fine-tuning their strategies, finding ways to bypass restrictions, or, in a recent case we’ve seen, revert to old but tried-and-tested techniques.
This is recently exemplified by an app we found on Google Play named “Yellow Camera” (detected by Trend Micro as AndroidOS_SMSNotfy), which poses as a camera and photo beautification or editing app — an increasingly common trick we’ve observed, what with the various information-stealing as well as malware- or adware-ridden apps we’ve uncovered so far this year. While the functions work as advertised, it is embedded with a routine that reads SMS verification codes from the System Notifications, and, in turn, activate a Wireless Application Protocol (WAP) billing. We disclosed our findings to Google, and the app, along with si ..
Support the originator by clicking the read the rest link below.
/Carrier Billing){kind=link}