A Google Play app started recording users without their knowledge

An Android recording app called iRecorder Screen Recorder started out as a harmless screen recording app, but turned bad almost a year after its initial release, as described by Ars Technica. The app first came out in September 2021, but after an August update, it started recording a minute of audio every 15 minutes and forwarding those recordings to the developer’s server via an encrypted link. The whole thing is documented in a blog post by Essential Security against Evolving Threats (ESET) researcher Lukas Stefanko.

In the post, Stefanko said the app was updated in August 2022 with malicious code “based on the open-source AhMyth Android RAT (remote access trojan).” The app had 50,000 downloads by the time it was reported and removed from the Play Store. Stefanko added that apps with embedded AhMyth had passed Google’s filters before.

Scam apps are not new to the Apple or Google app stores. Recorder apps can be particularly bad, sometimes with predatory subscription prices and fake reviews to boost their visibility on those platforms. And Stefanko’s blog post highlights a particularly tricky problem: apps that go to the dark side after you’ve had them for a while use the permissions you granted them in the beginning to collect sensitive information from your device and send it to the developer. for nefarious activities.

This particular app is gone, but what’s stopping another sleeper agent from activating on your phone? At least Google is working on updates that tell you via monthly notifications which and when apps have changed their data-sharing practices, if it finds out.

Leave a Comment