Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43451
  • Total Topics: 16543
  • Online today: 2994
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2814
Total: 2815









Author Topic: Automatic App Installation from Google Play Poses Big Risk  (Read 2581 times)

0 Members and 2 Guests are viewing this topic.

Pez

  • SCF VIP Member
  • *****
  • Posts: 776
  • KARMA: 117
  • Gender: Male
  • Pez
Automatic App Installation from Google Play Poses Big Risk

Android users usually download and install applications from the Google Play store through several interactions with the service–including viewing the app’s description and granting permission requests by the app. This confirmation procedure helps us avoid installing malicious and potentially unwanted apps.

However, McAfee recently found a suspicious app on Google Play that almost automatically downloads, installs, and launches other apps from Google Play without these interactions. This automatic installation occurs with the Google account’s authorization tokens, provided by the user only once, which communicates with Google Play URLs in an unofficial way.



A badly behaved app that automatically installs other apps from Google Play.

This app, which has been removed from Google Play, targets Japanese users and allows them to download and view adult movies in return for installing at least five apps among a list of more than 10 provided by a remote server. None of these apps are malicious. It appears the app does this just to get pay-per-install affiliate rewards in an easy–and possibly prohibited–way that betrays advertisers. It’s possible the remote server might later change the list of apps and replace them with malicious ones, though we have not yet seen such behavior.



The app offers adult movies in return for installing five more apps.

Next the app grabs the Google account information on the device and requests that the user authorize the app to access Google services using the AccountManager.getAccountsByType() and AccountMangaer.getAuthToken() APIs. In this case, two privileges, SID and LSID, are requested; these allow the app to access various Google services including the store. These authorization tokens are stored by the app for later use and are also cached for a while by the Android system. Thus until they expire, this authorization request will not be repeated when user next launches the app.



The app requests users authorize to access to the SID and LSID of the Google account.

Once these privileges are granted, the app accesses and interacts several times in an unofficial way with the URLs managed by Google Play. We suspect that the app developer somehow reverse-engineered the protocol used in the Google Play service. Through these HTTP communications, such as retrieving cookies, the app obtains a token to directly request the download of any free apps on Google Play and initiates their automated installation.



The app triggers the automatic installation of five selected apps from Google Play.

Normally users install apps manually from Google Play and can open an app’s description page, check the permission requests, and reject an installation. None of that is possible with this app. Finally the app launches all the installed apps once their installations have finished.



Installing the five apps succeeds without any permission confirmations by the user.

Allowing this kind of app installation invites terrible results if this technique is abused by malicious developers; they can silently install other malicious apps on Google Play onto a user’s device and automatically launch them to run harmful code, without giving the user any opportunity to reject the installation. Users can still bar access to the SID and LSID of their Google accounts when prompted, but malware could offer a legitimate reason or a reward to convince users to approve requests, and allow the app to later install other malware or unwanted apps using the stored authorization tokens.

This automatic installation is allowed thanks to users granting GET_ACCOUNTS and USE_CREDENTIALS permission requests by the app. As previously mentioned, granting these permissions gives the app a powerful position on users’ accounts (and possibly the accounts of services other than Google). Users should be very careful when any unfamiliar app requests these permissions at installation, and also when such apps request access to privileges to a device’s Google account at runtime. Allowing privileges to malicious apps could cause terrible damage to devices and privacy.



The GET_ACCOUNTS and USE_CREDENTIALS permission requests.

McAfee Mobile Security detects this potentially risky app as Android/BadInst.A.



Original article: By Daisuke Nakajima on Mar 03, 2014
Their is two easy way to configure a system!
Every thing open and every thing closed.
Every thing else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475

Samker's Computer Forum - SCforum.info


devnullius

  • SCF VIP Member
  • *****
  • Posts: 3614
  • KARMA: 157
  • Gender: Female
    • SCForum.info
Re: Automatic App Installation from Google Play Poses Big Risk
« Reply #1 on: 10. March 2014., 22:19:34 »
Those devs can be proud of themselves.... It's hardly hacking, just a really smart way to do things :)

Still, should be fixed ASAP!

Thx for sharing!

Devvie
More information about bitcoin, altcoin & crypto in general? GO TO  j.gs/7385484/btc

Cuisvis hominis est errare, nullius nisi insipientis in errore persevare... So why not get the real SCForum employees to help YOUR troubled computer!!! SCF Remote PC Assist http://goo.gl/n1ONa9

Samker's Computer Forum - SCforum.info

Re: Automatic App Installation from Google Play Poses Big Risk
« Reply #1 on: 10. March 2014., 22:19:34 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023