Digital security company Symantec has released details of a very interesting little Android application. This year has seen paranoia concerning the security of Android apps blossoming (the recent wallpaper app scare, for example). Today’s example is an app that regularly reports on your location without your knowledge. This is regarded as “very low” risk, and really shows how many mobile dangers you can avoid by being vigilant.
What’s the story?
AndroidOS.Tapsnake is a touch-screen version of the generationally popular Snake games. You tap on the screen to control which direction the snake is moving in:
In a routine inspection of the game, Symantec noted that a Trojan was running. A Trojan is a piece of malicious software that hides within a legitimate source – and this one was using the GPS function of the device it was installed on. It detects your location once every 15 mins, and broadcasts it to a remote server. The developer of AndroidOS.Tapsnake sells a paid application called GPS Spy – which you can use to access the GPS information that has been uploaded by the snake game. Someone running GPS Spy can then see a track of all of your movements within the last 24 hours.
Should we start panicking?
No, no need for that. To be honest, the “low risk” evaluation of this app is well earned, for the following reasons:
1) Android users need to pay attention: when you install an app on an Android device, it automatically tells you what functions of the phone it needs to access. So if the casual game your installing wants to access your GPS functions, you should think twice.
2) Someone needs to install it on your phone: the person who wants to spy on you with GPS Spy needs to get the snake app onto your phone – along with registration info including an email address. Being careful who you give your phone to is a must.
Most people have invested a huge amount of personal information into their smartphone. Even if you don’t keep your credit card details on their, the device travels with you all the time. You use it to communicate, to check web pages, to store pictures on, and more. So you need to treat it with a certain amount of caution. Keep your bluetooth and GPS switched off if you’re not using it. Don’t let anyone else install software on your phone. Check what background services are running every once in a while – especially if you lose track of your device for any period of time.
While AndroidOS.Tapsnake could certainly be a threat, this whole story really just highlights what should be a cardinal rule for all phone owners: BE CAREFUL. I’m not saying that software isn’t a threat – it definitely is, and as smartphones become more and more popular, malicious software will increase in complexity. But a lot of dangers can be avoided by simply being aware.