Google Play Store Archives - Hack Ware News https://hackwarenews.com/tag/google-play-store/ News, ethical hacking, cyber crime, network security Mon, 08 Oct 2018 14:53:52 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 Fortnite and the Dangers of Sideloading https://hackwarenews.com/fortnite-and-the-dangers-of-sideloading/ https://hackwarenews.com/fortnite-and-the-dangers-of-sideloading/#respond Tue, 28 Aug 2018 23:03:08 +0000 https://hackwarenews.com/?p=4878 Fortnite and the Dangers of Sideloading. Unlike apps from the Apple App Store (unless jailbroken), Android apps can be installed by other means aside from Google Play. They can be installed from other ‘app stores’ or can be directly installed on Android devices through the process of sideloading where the apps can be downloaded directly […]

The post Fortnite and the Dangers of Sideloading appeared first on Hack Ware News.

]]>
Fortnite and the Dangers of Sideloading. Unlike apps from the Apple App Store (unless jailbroken), Android apps can be installed by other means aside from Google Play. They can be installed from other ‘app stores’ or can be directly installed on Android devices through the process of sideloading where the apps can be downloaded directly from the developers’ websites and saved on the devices or onto MicroSD cards and loaded from there.

This is the route that the developers of the highly popular game Fortnite, Epic Games, took and didn’t release their game via Google Play. Because of the popularity of Fortnite and the innate dangers of sideloading, Google warns that there could be disastrous effects for doing this.

Earlier, Epic Games announced that they won’t be distributing the Android version of their game at the Google Play Store which has been considered an unwise move. Ditching the walled garden approach and going back to the old way of installing things like in Windows forgoes the additional layer of walled garden security.

Though it can be debated that neither Apple or Google actively curate the millions of apps on their respective app stores and have time for the hundreds more that come in every day.

Epic’s motivations to not release Fortnite on Google Play include a more direct relationship with their customers and not to pay Google their 30 percent. They don’t have much of a choice with iOS but given Google’s more open nature, they decided to skip the latter. Kind of greedy on Epic’s part but…

Epic wants to have a direct relationship with our customers on all platforms where that’s possible… The great thing about the Internet and the digital revolution is that this is possible, now that physical storefronts and middlemen distributors are no longer required… 30 percent is disproportionate to the cost of the services these stores perform, such as payment processing, download bandwidth, and customer service…

–Tim Sweeney, CEO, Epic Games, Email to The Verge

Now Google might have sour grapes on this but the company continues on its job at monitoring security threats from its own products or otherwise. For one thing, Google warns players that it indeed doesn’t have Fortnite: Battle Royale in Google Play. Players should be careful not to download fake Fortnite apps that are actually malware.

So much for walled garden curating as there are thousands of fake and low quality apps within Google Play that include fake battery monitors and me-too apps that coast on the popularity of the mainstream; much like putting a dash (-) between Spider and Man to escape copyright problems.

Another seemingly sour grape reaction, and one that everyone interested in Fortnite needs to take seriously, is that Google’s security researchers evaluated Epic’s Android Fortnite Installer and found a serious security flaw, and much to Epic Games’ dismay disclosed it publicly.

So instead of the Fortnite APK, attackers could punch through the security hole to manipulate the installation process and install something else. Fornite’s popularity makes it an attractive candidate to become a vector for malicious attacks. Installers in the wild, not directly downloaded from Epic’s site can also be manipulated much like any other pirated app installer.

So there are no hard feelings, Google demonstrated a proof-of-concept that the installer is indeed vulnerable via the man-in-the-disk method that allow malicious apps to manipulate the data of other apps held in the unprotected external storage before the data is read, allowing for the installation of malicious apps instead of the real app or its updates.

Google doesn’t recommend sideloading since any app on a device with the WRITE_EXTERNAL_STORAGE permission could intercept the installation and replace installation file with another malicious APK, possibly including full permissions to SMS, call history, GPS, and others.

Epic Games acknowledged the problem, fixed it and thanked Google for their efforts but criticized the company at the same time via Twitter.

We asked Google to hold the disclosure until the update was more widely installed. They refused, creating an unnecessary risk for Android users in order to score cheap PR points… But why the rapid public release of technical details? That does nothing but give hackers a chance to target unpatched users

–Tim Sweeney, Twitter

Fortnite players need to update their Android installers to the new version or they’ll have more than zombies to worry about.

The post Fortnite and the Dangers of Sideloading appeared first on Hack Ware News.

]]>
https://hackwarenews.com/fortnite-and-the-dangers-of-sideloading/feed/ 0
Powerful Android Spyware Can Record Almost Anything On Infected Devices https://hackwarenews.com/powerful-android-spyware-can-record-almost-anything-on-infected-devices/ https://hackwarenews.com/powerful-android-spyware-can-record-almost-anything-on-infected-devices/#respond Mon, 27 Aug 2018 12:34:22 +0000 https://hackwarenews.com/?p=4855 Powerful Android Spyware Can Record Almost Anything On Infected Devices. Cybercriminals are turning legitimate apps into intrusive and sophisticated spyware, armed with extensive surveillance capabilities that can capture and record your calls, messages, photos and videos.   Security researchers at Bitdefender discovered a threatening malware framework, referred to as “Triout”, on the Android platform. It […]

The post Powerful Android Spyware Can Record Almost Anything On Infected Devices appeared first on Hack Ware News.

]]>
Powerful Android Spyware Can Record Almost Anything On Infected Devices. Cybercriminals are turning legitimate apps into intrusive and sophisticated spyware, armed with extensive surveillance capabilities that can capture and record your calls, messages, photos and videos.

 

Security researchers at Bitdefender discovered a threatening malware framework, referred to as “Triout”, on the Android platform. It has the power to spy on, monitor and record infected devices while remaining completely hidden, leaving the device’s owner entirely unaware of what’s happening.

 

The malware was contained within what appeared to be a regular app, but was in fact a repackaged version. This version maintained the appearance, description and details of the original Android app, and even functioned just like it, in order to stealthily keep the downloader unaware of its malicious nature. In this particular case, an adult app named “Sex Game” was the trap.

 

Triout works by capturing data and relaying it back to an attacker-controller command and control (C&C) server. It appears that this server has been operational since May 2018, although so far there’s been no concrete evidence pointing towards who the attackers are or where they are from.

 

Once a system has been compromised by Triout, a variety of spying operations can be performed on it without the device owner’s knowledge. Some of the key capabilities include:

 

  • Recording phone calls
  • Logging incoming SMS messages
  • Recording call logs (including names, numbers, dates, durations, etc.)
  • Capturing copies of every picture taken or video recorded by any of the device’s cameras
  • Collecting the GPS location data

 

All of this data is sent back to a remote C&C server. This is extremely dangerous and a severe violation of an individual’s privacy.

 

It is believed that the malicious app ended up on victim’s devices via third-party app stores or other domains, rather than the Google Play Store. The best way to protect yourself from falling victim to attacks like these is to only download apps from trusted and verified sources. Additionally, think carefully before granting apps permission to read your messages, access your call logs, see your GPS data or collect any other kind of device data.

Photo by Samuel Zeller on Unsplash

Photo by Pathum Danthanarayana on Unsplash

The post Powerful Android Spyware Can Record Almost Anything On Infected Devices appeared first on Hack Ware News.

]]>
https://hackwarenews.com/powerful-android-spyware-can-record-almost-anything-on-infected-devices/feed/ 0