[SirJes]

Android game steals WhatsApp chats and offers them for sale

Android game steals WhatsApp chats and offers them for sale

If you're new here, you may want to subscribe to the RSS feed, like us on Facebook, or sign-up for the free email newsletter which contains computer security advice, news, hints and tips. Thanks for visiting!

An Android game has been removed from the official Google Play store after it was found to be secretly stealing users? WhatsApp conversation databases, and offering them for sale on an internet website.



The game, Balloon Pop 2, is nothing to write home about ? but behind its simple exterior lies the ability to scoop up private conversations that you may have made via WhatsApp on your Android device, and upload them to a website called WhatsAppCopy.



The attacker can then visit the WhatsAppCopy website, enter the phone number of the Android device they are targeting, and (for a fee) access the private conversations.



Install the game, find your phone, read your conversations
FREE Try it, it works!

The WhatsAppCopy website openly advertises the BalloonPop2 game as a way of ?backing up? a device?s WhatsApp conversations.

Of course, the people behind the website and the BalloonPop2 game would probably argue that they are providing a legitimate service to people who want to create a remote backup of their WhatsApp conversations, and it?s not their fault if the game is misused by people trying to snoop on other people?s privacy.

However, if that were really the site?s intentions, wouldn?t it be appropriate if a big fat unavoidable warning message was displayed before the game did its dirty deed ? giving users the option to realise what was occurring and opt out if they wanted?

Google clearly takes a dim view of the app, as it has now removed it from the official Google Play Android app store.

But, of course, it?s quite possible that the app will be widely distributed via unofficial stores ? and future versions could be distributed using other disguises than a balloon-popping game.

Clearly, there are a few lessons to be learnt here.

One is that just because an app is in the official Google Play store, it cannot necessarily be trusted. Google, unfortunately, has a pretty poor record in policing its Android app store. This isn?t the first time that a dodgy app has been found up there, and it won?t be the last. Google, can you please get your act together? Your chairman?s claims that Androids are more secure than iPhones are laughable.

At least Apple has tight reins over the programs which make it into the iOS store for iPhones and iPads.

Second, WhatsApp needs to get better at security. If Android is going to allow apps like BalloonPop2 to scoop up users? private conversations, then maybe WhatsApp (and similar programs) need to do a better job of encrypting those conversations on the device itself.

Security researchers at McAfee tell me that they are adding detection of the offending BalloonPop2 application as Android/Ballonpoper for their customers, and I imagine other vendors will follow in due course.

CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.

[howarmat]

not sure what blackberry security has to do with it. I would assume whatsap stores their conversations the same way on BB as it did android. An app could retrieve them just the same

[diegonei]

I don't need to read this long post to know I agree with the premisse.

[bbq10l]

Signed up!

Posted via CB10

[SirJes]

not sure what blackberry security has to do with it. I would assume whatsap stores their conversations the same way on BB as it did android. An app could retrieve them just the same

You think a blackberry app can grab ur whatsapp convos and upload it to another server? Without you knowing? ..i don't think so


CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.

[LazyEvul]

not sure what blackberry security has to do with it. I would assume whatsap stores their conversations the same way on BB as it did android. An app could retrieve them just the same

I can only assume it's a matter of app permissions. On Android, permissions are all or nothing - you can't pick and choose them like you can on BB10. Google also has the most lax app approval process of all the platforms, though in fairness we really can't say whether or not BlackBerry would have spotted this issue in their own approval process.

Having said that, security is still up to the user as it always has been - if the app is asking for suspicious permissions, you really shouldn't be installing it in the first place.

[zten]

This happens often, android is a rich environment for data farming which is why it has as many apps as it does. Google doesn't regulate anything and your battery/flash light apps need permissions to your "contacts, email, phone identifying serial number, ability to make phone calls and steal whatever they want' in exchange for your free usage of their app.

Android is a disaster.

Posted via CB10

[SirJes]

I can only assume it's a matter of app permissions. On Android, permissions are all or nothing - you can't pick and choose them like you can on BB10. Google also has the most lax app approval process of all the platforms, though in fairness we really can't say whether or not BlackBerry would have spotted this issue in their own approval process.

Having said that, security is still up to the user as it always has been - if the app is asking for suspicious permissions, you really shouldn't be installing it in the first place.

That's the thing, the app gives u no notice of what it's about to do.

CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.

[howarmat]

You think a blackberry app can grab ur whatsapp convos and upload it to another server? Without you knowing? ..i don't think so


CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.

who said without knowing. If the balloon app permissions ask to get your data and then you approve those permissions, then you are letting it happen. Sure you might not actually know they are taking the whatsapp convos but you did give it permission.

This is the same as granting GPS access to a flashlight app, then the app stores that data for tracking. If you acknowledged the permissions then you are letting it happen. The end user is always the weakest link. I cant find the permissions for the balloon app but i am going to guess its fairly open and wants access to alot and most users say "sure why not." Whatsapp shouldnt be storing the convos non encrypted either. This is privacy 101

[TgeekB]

This happens often, android is a rich environment for data farming which is why it has as many apps as it does. Google doesn't regulate anything and your battery/flash light apps need permissions to your "contacts, email, phone identifying serial number, ability to make phone calls and steal whatever they want' in exchange for your free usage of their app.

Android is a disaster.

Posted via CB10

Android is not a disaster, the people who agree to the permissions are a disaster. Its like leaving your car unlocked with the keys in the ignition. Don't blame the car manufacturer.

[missing_K-W]

Android is not a disaster, the people who agree to the permissions are a disaster. Its like leaving your car unlocked with the keys in the ignition. Don't blame the car manufacturer.

There could be a more robust permission experience on Android. It goes both ways. I feel sorry for those users who have malicious activities occur. Hope it's just isolated and not widespread

Posted via CB10

[howarmat]

So here is the permissions. It has accounts listed. Therefore this was basically given access when the user installs it. Then it probably could log all whatsapp conversations from that point on.

Again the user should be able to see that this is probably up to no good easily.

If BB would check all permissions before apps are approved and see this and stop it then I agree BB security is +1, but something tells me they don't.

[howarmat]

And I agree it would be nice to deny the permission before installing the app. You can do it after the app installs but that could be all it takes for the app do its thing even without opening

[jelp2]

Android is not a disaster, the people who agree to the permissions are a disaster. Its like leaving your car unlocked with the keys in the ignition. Don't blame the car manufacturer.

That doesn't really make sense, since that's the entire user base and they have no choice in setting permissions.So you're saying the user base shouldn't download any apps which in turn would in turn would render the Android platform useless. Maybe the apps should be written to select permissions before downloading. Case closed, right??

[raino]

Android is not a disaster, the people who agree to the permissions are a disaster. Its like leaving your car unlocked with the keys in the ignition. Don't blame the car manufacturer.

It would certainly be Android's fault if they were not making clear what the ramifications of providing asked for permissions would be. For instance, there was an article recently about an app--Brightest Flashlight--that was also up to no good, and was censured (by the FTC, no less.) This app is rated 4.8 on 1 million+ reviews (if I'm reading the number right.) Are you telling me 1 million+ Android users are to blame here while Android/Play Store skates by free?

[SirJes]

What I'm saying is, ok yes u agree to accounts permission, but does it then tell u that it's going to take your whatsapp convos? Nope, does it tell u its uploading it? Tgat other people can access it? Nope,

And it's a freaking game, whose going to suspect a game will do this?



CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.

[kdna]

This is why I do not install Android apps on my Z10. I don't care if they're "sandboxed". Native or GO HOME.

[stackberry369]

Android game steals WhatsApp chats and offers them for sale

Android game steals WhatsApp chats and offers them for sale

If you're new here, you may want to subscribe to the RSS feed, like us on Facebook, or sign-up for the free email newsletter which contains computer security advice, news, hints and tips. Thanks for visiting!

An Android game has been removed from the official Google Play store after it was found to be secretly stealing users? WhatsApp conversation databases, and offering them for sale on an internet website.



The game, Balloon Pop 2, is nothing to write home about ? but behind its simple exterior lies the ability to scoop up private conversations that you may have made via WhatsApp on your Android device, and upload them to a website called WhatsAppCopy.



The attacker can then visit the WhatsAppCopy website, enter the phone number of the Android device they are targeting, and (for a fee) access the private conversations.



Install the game, find your phone, read your conversations
FREE Try it, it works!

The WhatsAppCopy website openly advertises the BalloonPop2 game as a way of ?backing up? a device?s WhatsApp conversations.

Of course, the people behind the website and the BalloonPop2 game would probably argue that they are providing a legitimate service to people who want to create a remote backup of their WhatsApp conversations, and it?s not their fault if the game is misused by people trying to snoop on other people?s privacy.

However, if that were really the site?s intentions, wouldn?t it be appropriate if a big fat unavoidable warning message was displayed before the game did its dirty deed ? giving users the option to realise what was occurring and opt out if they wanted?

Google clearly takes a dim view of the app, as it has now removed it from the official Google Play Android app store.

But, of course, it?s quite possible that the app will be widely distributed via unofficial stores ? and future versions could be distributed using other disguises than a balloon-popping game.

Clearly, there are a few lessons to be learnt here.

One is that just because an app is in the official Google Play store, it cannot necessarily be trusted. Google, unfortunately, has a pretty poor record in policing its Android app store. This isn?t the first time that a dodgy app has been found up there, and it won?t be the last. Google, can you please get your act together? Your chairman?s claims that Androids are more secure than iPhones are laughable.

At least Apple has tight reins over the programs which make it into the iOS store for iPhones and iPads.

Second, WhatsApp needs to get better at security. If Android is going to allow apps like BalloonPop2 to scoop up users? private conversations, then maybe WhatsApp (and similar programs) need to do a better job of encrypting those conversations on the device itself.

Security researchers at McAfee tell me that they are adding detection of the offending BalloonPop2 application as Android/Ballonpoper for their customers, and I imagine other vendors will follow in due course.

CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.

You don't know what you are taking about,there's an application on Google Play that let's you turn the permissions off called app ops starter.

sent from my galaxy note 3

[SirJes]

You don't know what you are taking about,there's an application on Google Play that let's you turn the permissions off called app ops starter.

sent from my galaxy note 3

Whut? :s

CLICK HERE To Join My Music & Poetry Channel. Please&Thanks.

[raino]

You don't know what you are taking about,there's an application on Google Play that let's you turn the permissions off called app ops starter.

Don't you see a problem with that...an app to manage permissions? Something the OS should be doing?

[stackberry369]

Don't you see a problem with that...an app to manage permissions? Something the OS should be doing?

Why not?

sent from my galaxy note 3

[raino]

Why not?

How do you know this app isn't doing anything it shouldn't be?

[vrud]

How do you know this app isn't doing anything it shouldn't be?

Whenever I install an app, I carefully read all the permissions it asks for.
For example, CrackBerry app asked for BBM integration.
I wanted CB app but decided to keep my BBM info private, so I cleared a checkbox during installation.

This is very useful on BB devices and I had bad experience on Android at some point (described here).

[vrud]

not sure what blackberry security has to do with it. I would assume whatsap stores their conversations the same way on BB as it did android. An app could retrieve them just the same

If an application wants to read/save data in the shared area then during the app installation you must agree with it.
I usually reject this permission for most apps; especially I would do that for a game.

[Jerale Hoard]

You don't know what you are taking about,there's an application on Google Play that let's you turn the permissions off called app ops starter.

sent from my galaxy note 3

Exactly. It's an (app)lication. BlackBerry provides permissions through software not apps.

Posted via CB10