Beware of Free Applications

free application spyware

There are an unbelievable number of smartphone apps available for download. In most cases, these apps are harmless, and they may even improve a user’s life in some way.

 

However, the app space is filled with both those who are trying to help the world, and those who are simply trying to take advantage of others.

 

GriftHorse Trojan

 

We’d like to think that an extremely advanced company such as Google could keep on top of potential scams and bad actors who attempt to upload fraudulent apps to the Google Play store.

 

In reality, it may partially be because of Google’s massive size, that apps such as those involved with the GriftHorse campaign are able to slide under the radar.

 

In the years 2020-2021, this campaign was able to take advantage of millions of smartphone users through a sophisticated scam, the depths of which are still being determined.

 

Essentially, the scammers structured this campaign as follows:
 

  • Specific apps were designed to have features that could create disastrous circumstances for users.
  • These apps included presumably innocuous ones such as those that offer health monitoring services or those that can translate between languages.
  • When users downloaded these apps, they would get frequent notifications indicating that they had won a prize, and all they had to do was enter their phone number in order to claim their reward.
  • Once at this stage, the scammers behind the apps then signed users up for subscription services that charged users monthly.

 

You may still be wondering, “How did the criminals achieve this feat?” Furthermore, you may not understand how a user could fall for such an obvious scam. After all, there must have been some obvious red flags, right?

 

Free App Red Flags

 

Truthfully, it takes a trained eye to spot some of the more sophisticated scams. For this specific scam, the people behind it seem to take every possible step to appear legitimate.

 

Case in point, the sites that users were directed to were flawless in terms of grammar, style, and all other components of the written word. There was clearly special attention paid to the construction of these sites so that they looked as professional as possible.

 

Beyond the exceptional writing and site construction implemented on these fraudulent sites, there was also the use of URLs that seemed harmless. This served to disguise their operation from any security programs that might ordinarily pick up on a reused link.

 

As a result, some of these apps still have yet to be removed from third-party application stores. This means that people are continuing to download these apps and the scammers are continuing to rake in the cash.

 

Video-calling Scams

 

In certain countries, there are very strict rules on which apps can and can’t be used by citizens. For example, in the UAE, both WhatsApp and Skype are outlawed. Therefore, the government needed to find another application that could fill the desires of citizens.

 

In this case, the UAE settled on an app known as ToTok. Quickly after it was introduced and approved by the government, millions of people downloaded the app to their phones. Unfortunately, it wouldn’t take long to discover that ToTok was tracking every piece of data on users’ phones. This included pictures, messages, videos, and tons of other sensitive data.

 

This story became even stranger when the originators of ToTok denied any wrongdoing. In fact, they pointed to their user agreement which granted them permissions that were almost exactly the same as those used by Facebook and WhatsApp.

 

The revelation that WhatsApp and Facebook could be doing similar things with user data was alarming to many people. it is made even worse when one remembers that these huge companies have also been involved in issues pertaining to user data security in the past.

 

Is There a Way to Achieve Security on a Smartphone?

 

In short, yes, but it’s not through the use of apps that allow for backdoors and loose definitions of privacy and security. Users need to have true end-to-end encryption and stay away from some third party apps, if they want to reduce their chances of being a victim of cybercrime.

 

Giant companies like Facebook, WhatsApp, and Google have big tasks ahead of them. There’s no doubt that monitoring for potential threats and creating a secure system is difficult. This is especially true in an age where hackers and criminals are using more advanced techniques than we would have ever thought possible just a few decades earlier.

 

One of the most important features to ensure privacy is the use of true end-to-end encryption. Services such as WhatsApp promises this feature, but it’s not exactly as secure as one may think.

 

WhatsApp’s end-to-end encryption means that messages are secure when they are being sent, and when they are being received. When a message or other form of data is on a user’s phone, it isn’t encrypted.

 

This allows users to report messages that they believe may be harmful or illegal, enabling WhatsApp to launch an investigation, if necessary.

 

There are a few problems with this system, however.

 

For one thing, these flagged messages are being reviewed in the time span of just a few seconds by workers all over the world. If they deem any content to be in violation of their policies, they will then take action. If they don’t nothing happens.

 

So, users are at the mercy, for better or worse, of these reviewers who can view what was thought to be private information, if one or more users decide to report the content.

 

Secondly, Facebook, the company who routinely comes under fire for mishandling of secure user data, owns WhatsApp. This may give users pause, and rightfully so. How can a company who openly uses user data for advertising purposes claim to provide security in any form?

 

Trust in Ghostchat

 

Ghostchat has never, and will never, breach user data. We practice complete end-to-end encryption with no tricks or unclear user agreements.

 

You can rest easy in the fact that Ghostchat will never compromise user security for any reason, whatsoever. Full stop.