Ahh the security of BlackBerry...I appreciate it more everyday.
- Android game steals WhatsApp chats and offers them for sale
Android game steals WhatsApp chats and offers them for sale
If you're new here, you may want to subscribe to the RSS feed, like us on Facebook, or sign-up for the free email newsletter which contains computer security advice, news, hints and tips. Thanks for visiting!
An Android game has been removed from the official Google Play store after it was found to be secretly stealing users? WhatsApp conversation databases, and offering them for sale on an internet website.
The game, Balloon Pop 2, is nothing to write home about ? but behind its simple exterior lies the ability to scoop up private conversations that you may have made via WhatsApp on your Android device, and upload them to a website called WhatsAppCopy.
The attacker can then visit the WhatsAppCopy website, enter the phone number of the Android device they are targeting, and (for a fee) access the private conversations.
Install the game, find your phone, read your conversations
FREE Try it, it works!
The WhatsAppCopy website openly advertises the BalloonPop2 game as a way of ?backing up? a device?s WhatsApp conversations.
Of course, the people behind the website and the BalloonPop2 game would probably argue that they are providing a legitimate service to people who want to create a remote backup of their WhatsApp conversations, and it?s not their fault if the game is misused by people trying to snoop on other people?s privacy.
However, if that were really the site?s intentions, wouldn?t it be appropriate if a big fat unavoidable warning message was displayed before the game did its dirty deed ? giving users the option to realise what was occurring and opt out if they wanted?
Google clearly takes a dim view of the app, as it has now removed it from the official Google Play Android app store.
But, of course, it?s quite possible that the app will be widely distributed via unofficial stores ? and future versions could be distributed using other disguises than a balloon-popping game.
Clearly, there are a few lessons to be learnt here.
One is that just because an app is in the official Google Play store, it cannot necessarily be trusted. Google, unfortunately, has a pretty poor record in policing its Android app store. This isn?t the first time that a dodgy app has been found up there, and it won?t be the last. Google, can you please get your act together? Your chairman?s claims that Androids are more secure than iPhones are laughable.
At least Apple has tight reins over the programs which make it into the iOS store for iPhones and iPads.
Second, WhatsApp needs to get better at security. If Android is going to allow apps like BalloonPop2 to scoop up users? private conversations, then maybe WhatsApp (and similar programs) need to do a better job of encrypting those conversations on the device itself.
Security researchers at McAfee tell me that they are adding detection of the offending BalloonPop2 application as Android/Ballonpoper for their customers, and I imagine other vendors will follow in due course.
CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.12-07-13 02:29 PMLike 0 -
CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.12-07-13 02:40 PMLike 4 -
Having said that, security is still up to the user as it always has been - if the app is asking for suspicious permissions, you really shouldn't be installing it in the first place.Bolderholder and bp3dots like this.12-07-13 02:43 PMLike 2 - This happens often, android is a rich environment for data farming which is why it has as many apps as it does. Google doesn't regulate anything and your battery/flash light apps need permissions to your "contacts, email, phone identifying serial number, ability to make phone calls and steal whatever they want' in exchange for your free usage of their app.
Android is a disaster.
Posted via CB1012-07-13 02:45 PMLike 0 - I can only assume it's a matter of app permissions. On Android, permissions are all or nothing - you can't pick and choose them like you can on BB10. Google also has the most lax app approval process of all the platforms, though in fairness we really can't say whether or not BlackBerry would have spotted this issue in their own approval process.
Having said that, security is still up to the user as it always has been - if the app is asking for suspicious permissions, you really shouldn't be installing it in the first place.
CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.12-07-13 02:46 PMLike 0 - You think a blackberry app can grab ur whatsapp convos and upload it to another server? Without you knowing? ..i don't think so
CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.
This is the same as granting GPS access to a flashlight app, then the app stores that data for tracking. If you acknowledged the permissions then you are letting it happen. The end user is always the weakest link. I cant find the permissions for the balloon app but i am going to guess its fairly open and wants access to alot and most users say "sure why not." Whatsapp shouldnt be storing the convos non encrypted either. This is privacy 10112-07-13 02:47 PMLike 14 - This happens often, android is a rich environment for data farming which is why it has as many apps as it does. Google doesn't regulate anything and your battery/flash light apps need permissions to your "contacts, email, phone identifying serial number, ability to make phone calls and steal whatever they want' in exchange for your free usage of their app.
Android is a disaster.
Posted via CB1012-07-13 02:51 PMLike 8 -
Posted via CB1012-07-13 02:55 PMLike 0 -
So here is the permissions. It has accounts listed. Therefore this was basically given access when the user installs it. Then it probably could log all whatsapp conversations from that point on.
Again the user should be able to see that this is probably up to no good easily.
If BB would check all permissions before apps are approved and see this and stop it then I agree BB security is +1, but something tells me they don't.JR A and pantlesspenguin like this.12-07-13 02:55 PMLike 2 - And I agree it would be nice to deny the permission before installing the app. You can do it after the app installs but that could be all it takes for the app do its thing even without opening12-07-13 02:58 PMLike 0
- That doesn't really make sense, since that's the entire user base and they have no choice in setting permissions.So you're saying the user base shouldn't download any apps which in turn would in turn would render the Android platform useless. Maybe the apps should be written to select permissions before downloading. Case closed, right??12-07-13 02:58 PMLike 0
- It would certainly be Android's fault if they were not making clear what the ramifications of providing asked for permissions would be. For instance, there was an article recently about an app--Brightest Flashlight--that was also up to no good, and was censured (by the FTC, no less.) This app is rated 4.8 on 1 million+ reviews (if I'm reading the number right.) Are you telling me 1 million+ Android users are to blame here while Android/Play Store skates by free?Omnitech likes this.12-07-13 03:02 PMLike 1
- What I'm saying is, ok yes u agree to accounts permission, but does it then tell u that it's going to take your whatsapp convos? Nope, does it tell u its uploading it? Tgat other people can access it? Nope,
And it's a freaking game, whose going to suspect a game will do this?
CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.canuckvoip likes this.12-07-13 03:04 PMLike 1 - Android game steals WhatsApp chats and offers them for sale
Android game steals WhatsApp chats and offers them for sale
If you're new here, you may want to subscribe to the RSS feed, like us on Facebook, or sign-up for the free email newsletter which contains computer security advice, news, hints and tips. Thanks for visiting!
An Android game has been removed from the official Google Play store after it was found to be secretly stealing users? WhatsApp conversation databases, and offering them for sale on an internet website.
The game, Balloon Pop 2, is nothing to write home about ? but behind its simple exterior lies the ability to scoop up private conversations that you may have made via WhatsApp on your Android device, and upload them to a website called WhatsAppCopy.
The attacker can then visit the WhatsAppCopy website, enter the phone number of the Android device they are targeting, and (for a fee) access the private conversations.
Install the game, find your phone, read your conversations
FREE Try it, it works!
The WhatsAppCopy website openly advertises the BalloonPop2 game as a way of ?backing up? a device?s WhatsApp conversations.
Of course, the people behind the website and the BalloonPop2 game would probably argue that they are providing a legitimate service to people who want to create a remote backup of their WhatsApp conversations, and it?s not their fault if the game is misused by people trying to snoop on other people?s privacy.
However, if that were really the site?s intentions, wouldn?t it be appropriate if a big fat unavoidable warning message was displayed before the game did its dirty deed ? giving users the option to realise what was occurring and opt out if they wanted?
Google clearly takes a dim view of the app, as it has now removed it from the official Google Play Android app store.
But, of course, it?s quite possible that the app will be widely distributed via unofficial stores ? and future versions could be distributed using other disguises than a balloon-popping game.
Clearly, there are a few lessons to be learnt here.
One is that just because an app is in the official Google Play store, it cannot necessarily be trusted. Google, unfortunately, has a pretty poor record in policing its Android app store. This isn?t the first time that a dodgy app has been found up there, and it won?t be the last. Google, can you please get your act together? Your chairman?s claims that Androids are more secure than iPhones are laughable.
At least Apple has tight reins over the programs which make it into the iOS store for iPhones and iPads.
Second, WhatsApp needs to get better at security. If Android is going to allow apps like BalloonPop2 to scoop up users? private conversations, then maybe WhatsApp (and similar programs) need to do a better job of encrypting those conversations on the device itself.
Security researchers at McAfee tell me that they are adding detection of the offending BalloonPop2 application as Android/Ballonpoper for their customers, and I imagine other vendors will follow in due course.
CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.
sent from my galaxy note 312-07-13 03:07 PMLike 0 - 12-07-13 03:09 PMLike 1
-
- Whenever I install an app, I carefully read all the permissions it asks for.
For example, CrackBerry app asked for BBM integration.
I wanted CB app but decided to keep my BBM info private, so I cleared a checkbox during installation.
This is very useful on BB devices and I had bad experience on Android at some point (described here).12-07-13 04:04 PMLike 0 -
I usually reject this permission for most apps; especially I would do that for a game.12-07-13 04:07 PMLike 0 -
Posted via CB1012-07-13 04:19 PMLike 0
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Ahh the security of BlackBerry...I appreciate it more everyday.
Similar Threads
-
Blackberry z10 (Black) and BlackBerry playbook 64gb for blackberry z30 (UK)
By amjass12 in forum Buy, Sell, Trade - Sold / ArchivedReplies: 2Last Post: 12-20-13, 07:45 PM -
BB10 on Non Blackberry Hardware. What would you pay, if anything?
By leejayh in forum BlackBerry 10 OSReplies: 34Last Post: 12-11-13, 10:43 AM -
My first Z10 !!! I have not had it
By jimk345 in forum BlackBerry Z10Replies: 16Last Post: 12-08-13, 12:01 PM -
Sachesi queries, really appreciate your help
By popengchan in forum BlackBerry 10 OSReplies: 2Last Post: 12-08-13, 08:35 AM -
Does the BerryLeaks team have a twitter account?
By PEDRONUFC in forum BlackBerry 10 OSReplies: 7Last Post: 12-08-13, 08:34 AM
LINK TO POST COPIED TO CLIPBOARD