Peterborough Linux User Group (Canada) Forum

Linux & Android => Security and Privacy => Topic started by: ssfc72 on July 05, 2021, 08:43:38 AM

Title: More Google Android Apps found stealing Facebook passwords.
Post by: ssfc72 on July 05, 2021, 08:43:38 AM
https://www.xda-developers.com/google-removes-nine-apps-for-stealing-facebook-passwords/

Google removes nine apps for stealing Facebook usersââ,¬â,,¢ logins and passwords.
Google has removed nine apps from the Play Store after it was found these apps stole userââ,¬â,,¢s Facebook login credentials. All apps offered legitimate services and were downloaded more than 5 million times.

What's worse is Google has only banned the App publishers from submitting Apps to the Google store.  Of course, you and I know the criminals will just create a new name for themselves and go on to put more credential stealing Apps, into the Google App store.

Google needs to take action so that the persons responsible for these password stealing Apps get prosecuted and are put in jail.
Title: Re: More Google Android Apps found stealing Facebook passwords.
Post by: Jason on July 06, 2021, 09:12:03 AM
I'm all for getting them prosecuted obviously but I'm wondering if it'd be better just to get make it too difficult to get phony apps in the store in the first place. I was curious how one gets apps in the Google Play store. It turns out there is a $25 developer fee for getting admission which isn't much. I'm not sure how many Facebook logins they can scam for that $25 but it must be worth it. If Google set that rate higher, how likely would it be to prevent this kind of nonsense? Of course, they don't want to lose potential developers either, especially the little guys. Maybe they just need a better verification process, like a tax registration number, etc, that would verify that a business was legitimate (as much as you can), too.

I never seem to hear about this with Apple apps. I wonder why?

It shows another good reason to use 2FA, though. I'm glad they mentioned that part.

Thanks for sharing, Bill. I don't have any of those apps installed but I should share this, ahem, with my Facebook friends.
Title: Re: More Google Android Apps found stealing Facebook passwords.
Post by: Jason on July 06, 2021, 09:17:02 AM
I forgot to add that this is also a good reason to have antimalware/antivirus software on your phone. I know I'm going to sound like a commercial but I use the free version of BitDefender. It scans every program when it's installed but it has an on-demand scan, too.

It uses memory and is light on battery use, unlike some antivirus programs. It uses so little, I don't even see it on the list of the top 25 apps for usage. The bottom energy user in the list is Twitter at 1%. I primarily use Twitter for transit updates.
Title: Re: More Google Android Apps found stealing Facebook passwords.
Post by: fox on July 07, 2021, 07:21:48 AM
Quote from: Jason on July 06, 2021, 09:17:02 AM
.... I know I'm going to sound like a commercial but I use the free version of BitDefender. ....

Where did you get it from? I couldn't find a Linux version of BitDefender free on their website.
Title: Re: More Google Android Apps found stealing Facebook passwords.
Post by: Jason on July 10, 2021, 03:23:26 PM
I originally got it in the Play store. Yes, I recognize the irony in installing an app from the Google Play store after reading this but there aren't any apps called Bitdefender Free, so it's alright. On their website, it's under For Home -> Mobile Tools -> Toolbox.

Maybe in the future, it might be a good idea to see if a particular app has a website and use the link from there to install it. Of course, the miscreants could do that, too. But at least it makes them do extra work to get an app installed.


Update to this post on July 11 @ 3:22 pm. Additions are in bold.
Title: Re: More Google Android Apps found stealing Facebook passwords.
Post by: fox on July 12, 2021, 09:44:11 AM
Quote from: Jason on July 10, 2021, 03:23:26 PM
I originally got it in the Play store. Yes, I recognize the irony in installing an app from the Google Play store after reading this but there aren't any apps called Bitdefender Free, so it's alright. On their website, it's under For Home -> Mobile Tools -> Toolbox.

I must have misunderstood. I thought you meant that you were using it on a Linux installation.