Android apps are well-known for violating users’ privacy by either acting maliciously or gaining access to their phones in order to steal data or track them. The Play Store now has a new type of problem with Android apps, where one of them started recording users without asking for permission to use the microphone.
Not only that, but the app was also transmitting the data to the app developer’s server via an encrypted link. According to information provided in a report by Ars Technica, the iRecorder Screen Recorder app was responsible for this privacy nightmare almost a year after it was first made available for download on the Play Store. Lukas Stefanko, a researcher at Essential Security against Evolving Threats, or ESET, has documented the specifics of this breach.
The app was initially made available in September 2021, but a year later, a malicious update that was issued for the app caused the privacy breach that affected 50,000 or so users by the time Google had the app removed from the Play Store.
The main worry with these sleeper apps is that they manage to get past Google’s supposedly strict security checks for apps on the Play Store, and then a year later they start acting in the worst way possible by infecting devices with malicious code that can have serious repercussions for the users.
Recording apps are believed to be one of the biggest defaulters with these problems on iOS and Android. Google has since removed the iRecorder Screen recorder app, but it’s unclear what information the developer has already obtained from the 50,000 users who are said to still have it installed on their phones and how they intend to use it.
Google asserts that it is continuing to tighten security standards and compel developers to provide users with more updates. However, incidents like these undoubtedly shake a user’s confidence. All we can advise is to exercise caution when downloading apps, even from the Play Store, as these reports seem to indicate.