February 15, 2011

Beware of Embedded Spyware of Mobile Apps

Tim Xia

We have seen quite a few stories about embedding spyware or malware into popular software where careless users can easily download to their PCs. Embedding is a common tactic used to spread malware as it can easily be distributed through self-extracting packages that can be imported to multiple platforms like mobile devices. Mobile users typically have less control of their devices compared to PC users; therefore more care should be taken when installing applications onto mobile devices. 

Today the author of a popular android game Tank Hero - abaybas - claimed that he was approached by a suspicious company who was willing to pay him money to embed a spyware into the game application. Abaybas immediately refused this request and instead, decided to publish details of this proposal on his website. Thanks to him, I can continue to play Tank Hero on my cell phone worry-free. 


It would be good if everyone is as ethical as abaybas. It is better to be safe, so you should only trust applications from legitimate application providers. Some service providers offer security by locking up the mobile device to specific application providers. In addition, the permission list is checked before the installation. Particular attention is paid to applications that require permission, like the one shown below:


Note: The actual list is much longer.


For better safety, mobile security applications provided by security organizations should also be considered.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.