Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Android App Shares World Cup News At The Expense Of Your Privacy

June 14, 2014 - 3 min read
Everyone is excited about the football World Cup and apparently so are those peddling adware. Earlier we discussed some of the more aggressive Android advertising SDKs integrated apps flagged by AV vendors as Adware - Google Play vs AV vendors. We recently came across a particularly aggregious adware app promoting World Cup news.
App: Brazil 2014 World Cup
Virus Total: 18/45
List of suspicious methods identified via static analysis:
  • getMACAddress
  • getLine1Number
  •  getsms
  •  getLongitude
  •  getLatitude
  •  getImei
  •  getImsi
  •  getAndroidId
  •  getEmail
  •  getManufacturer
  •  getOsVersion
  •  getNetworkconnectiontime
Let see how it harvests all information.
Device information
This app contains the Airpush and Revmob advertising SDKs. From the screenshot above, you can see the application harvesting  the device MAC address (something Apple has cracked down on), mobile ID, Android ID and serial numbers. Adware harvests such information for tracking users as this information allows for tracking the user’s device across applications using the same SDKs.
Device information
Above, you can see the application harvesting device model information, the SDK API version, manufacturer details and the device OS version. This information can then be used by advertisers to build statistics about app usage.
Phone number
In this screenshot, you can see the application also collecting the user's phone number. This is very sensitive information as such information can be used for phone based spamming and advertising campaigns.
This app also collects the user's email account, again, this too is likely used for spamming and advertising campaigns.
Finally, the application collects the device IMEI number, another valuable identifier for tracking the same device across applications sharing the same advertising SDKs.
Data sent
You can also see all of the info being delivered to a third party.
Google play store developer policy
As per the Google Developer policy, usage of MAC address and IMEI numbers is strictly prohibited. Still, apps are regularly permitted into the Google Play store and bypass Google's automated checks. This is an area where Apple is doing a better job of protecting end user privacy through both changes at the O/S level and via application reviews conducted prior to apps being included in the App Store. Apple would no longer permit an app with the level of data collection seen in this particular Android app. There is always confusion about content related to user privacy used by Android apps. In spite of clear guidelines from Google about data collection, developers are ignoring the rules and Google is not aggressively enforcing them.

Despite the aggressive data collection, this app is not malicious. Instead we (and many anti-virus vendors) consider this app an example of aggressive adware.

Stay safe while enjoying the World Cup.

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.