Wednesday, 20 March 2013

AntiSpyware Fraud on #Android's Google Play


States have been making money for decades on the name of  "Security". After the revolution of mobile phones many companies are doing the same in the world of  mobile applications. After Realizing the fact that many people, who owns smart phones, are conscious about their privacy, and majority of those do not really know about the security and privacy, are easy prey of such companies.

One such example of such apps is MPL AntiSpy by Mobile Privacy Labs.  This is $10 paid app! By placing such high price they try to give user an impression that this is REAL anti spyware. Not only this, an other app  AntiSpy TESTFILE by sample company is published and been declared a metric for AntiSpyware apps. This is what is written in the description of MPL AntiSpy

To verify MPL AntiSpy works correctly on your phone, please download AntiSpy TESTFILE for free. MPL AntiSpy will detect the TESTFILE as spyware if it works.
(Download here: http://play.google.com/store/apps/details?id=com.ANTISPY.TESTFILE)

To test MPL AntiSpy "Email Alert" feature
1. Enable Email Alert. Click "Menu"-> Type valid email address -> Exit from AntiSpy.
2. Install AntiSpy TESTFILE.
3. Check Toast note saying that "TESTFILE is SPYWARE app."
4. Check your email for Email Alert about the SPYWARE app was found.
I was getting curious to know what is ANTISPY TESTFILE is. So I de-compiled it by standard apk decompilation tools (apktool, dex2jar, jd). What I found is: this ANTISPY TESTFILE is not any way similar to the behavior and capabilities of a real spyware. It CANNOT read Contacts, SMS, Calllogs, browsing history, location etc (as shown in the screen shot of MPL AntiSpy).

Its well known fact that in android environment, Every application needs access permissions to access phone's Contacts, SMS, Calllogs etc. However ANTISPY TESTFILE doesn't request any such permissions nor do anything like real spyware.

So whats the purpose of all this? The idea is to fool "security conscious" innocent users and give impression that MPL AntiSpy is only real anti-spyware because it detects ANTISPY TESTFILE while others do not. Mobile Privacy Labs is making money by fraud with innocent android users. Lets see whether Google will protect its users from such "legal" fraud. Below are the screen shots of ANTISPY TESTFILE source code.















No comments:

Post a Comment