Contact us today!
(800) 588-4430

Telesys Voice and Data Blog

Telesys Voice and Data has been serving the Dallas/Fort Worth area since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Just Because an App is on the Google Play Store, Doesn’t Mean it’s Safe

Just Because an App is on the Google Play Store, Doesn’t Mean it’s Safe

If your employees are given an Android device to use for work, or if they bring in their own as a part of BYOD, you may want to pay special attention to what follows.

Google has just removed a piece of malware that managed to make its way into the listings of the Google Play Store. Disguised as a strategic card game called “Beaver Gang Counter,” the malware seemed at first glance to be a harmless enough app to download as a way to pass some time every now and then. This impression unfortunately turned out to be inaccurate for a few different reasons.

So Why Was it a Threat?
First, the app itself reportedly was a bit of a one-trick pony, losing any of its entertainment appeal very swiftly. Of course, what does one do with an app that one has grown bored with and no longer wants? One deletes it, to make room for other apps that one will have more use for, but not before the second factor that makes the “harmless” impression inaccurate comes into play.

The disguised malware would specifically target those whom also had Viber, the vastly more popular communications app, installed on their device. Once the Beaver Gang Counter app was installed, the malware would access the directories contained in Viber as well as uploading any of the user’s Viber images to an external website.

Google has since denied Beaver Gang Counter from the Play Store, and thus far it seems that little damage was done. However, the entire situation asks the question: how did this happen?

There were ultimately a number of factors that led to Beaver Gang Counter having the ability to access files belonging to another app - an ability that the Android platform is supposed to block. However, the measures put in place by Android do nothing to prevent the review of data saved on the SD removable storage.

Due to the expectation of inter-device compatibility that comes with SD cards, the inter-app file sharing that Android usually blocks is left unfettered in the SD storage, depending on the permissions granted at install. Therefore, if assigned to SD memory (as it would have been in almost all cases), Beaver Gang Counter could potentially access any and all data saved to the SD - the malware developers had simply chosen to target Viber users specifically.

So What Happened?
However, there’s an excellent case to be made that the app should never have reached the Google Play storefront at all, and that Google’s review process seems to need some work.

Upon opening the app, you are brought to the game’s main menu screen, with the following options: Help, Players, Statistics, and the all-important New Gane. Yes, you read that right. New Gane. There was a spelling mistake, right there on the most important element of the main menu, visible from the download screen itself, that Google either missed or disregarded without digging any deeper.

What Does this Mean for my Business?
While Beaver Gang Counter didn’t target anything that would likely damage a business if the malware infiltrated a business-provided or BYOD-implementing device, it really makes one consider how many other apps may be out there that could potentially cause harm to a business through similar actions. The only truly clear lesson to be learned from this story is that Google isn’t infallible, and so they cannot be relied upon to defend your company from all threats that are sent through their systems. Ultimately, it falls to you to pick up the slack, and so you should implement the following best practices.

  • Steer clear of unknown apps: If nobody is talking about an app, there’s a better chance that it is a less safe option (and that’s the best case scenario). Avoid utilizing unknown and unreviewed apps on business devices. Furthermore, despite their failure to catch Beaver Gang Counter, Google’s marketplaces for apps are still much safer than the unregulated Android marketplace that are out there.
  • Keep important data on your actual device: Clearly, Android prioritizes the protection of data on its native storage over that of data stored on removable media. Therefore, you should keep this in mind as you elect where to store data of different levels of importance, critical files on the device itself.
  • Set terms for employee devices: This will admittedly be simpler to enforce with company-provided devices, as BYOD relies on the employee using their own property and therefore a device that they have control of. While you may disable non-company approved apps in devices provided by the company, you may have to take a few extra steps to implement a BYOD policy. A mandatory security solution may be a fair term for an employee wishing to use their own device, as well as required security best practice training.
  • By implementing these practices, you just may be able to keep an issue like this one from affecting your company sometime down the line.

For more IT news and best practices, be sure to keep checking back on our blog, and be sure to reach out to Telesys Voice and Data if you have any questions about your own security. Give us a call at (800) 588-4430.


No comments yet
Already Registered? Login Here
Sunday, 25 August 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Free Consultation

Sign up today for a
FREE Network Consultation

How secure is your IT infrastructure?
Let us evaluate it for free!

Sign up Now!

Free Consultation

Tag Cloud

Security Tip of the Week Technology Cloud Best Practices Business Computing Hackers Malware Privacy Email Productivity Business Hosted Solutions Microsoft Software Internet IT Services Network Security Computer Windows 10 Managed Service Provider Productivity Ransomware Backup Innovation Mobile Devices Smartphone Outsourced IT Data Backup Android Managed IT services Hardware User Tips Google Social Media Business Continuity Efficiency Browser Communication IT Support Disaster Recovery Upgrade Workplace Tips Data Recovery Data Business Management Cloud Computing IT Support Managed IT Services Data Management Smartphones Small Business App Office Remote Monitoring Internet of Things Phishing Holiday Microsoft Office Server Facebook Miscellaneous WiFi Network Office 365 Windows Gmail Big Data VoIP Save Money Paperless Office Tech Term Spam Encryption Passwords communications Artificial Intelligence Password Bandwidth Firewall Robot Customer Relationship Management Apps Hosted Solution Recovery Collaboration Employer-Employee Relationship Risk Management Unified Threat Management Saving Money Hacker Remote Computing How To Government Money Content Filtering Work/Life Balance Compliance Chrome Managed IT Downtime Wi-Fi Office Tips Infrastructure Apple Avoiding Downtime Vendor Management Windows 10 Document Management Analytics Tip of the week Customer Service Mobile Device Management Cybersecurity Operating System Word Help Desk Presentation Business Growth Virtual Reality Education Training SaaS Cybercrime IT Management BYOD Outlook Mobile Device Antivirus Social Project Management Website Business Technology Data loss BDR File Sharing Health Applications Two-factor Authentication Hacking Telephone Systems Settings Mobile Computing Automation Tech Support Alert Printing Vulnerability The Internet of Things Computers Data storage Computing Data Security Virtual Private Network Analyitcs Computer Care Search Assessment Access Control Bring Your Own Device Server Management Licensing Sports IT service Digital Payment Cortana Consultation Virtualization Maintenance Administration Specifications Managed Service Automobile Upgrades Safety Healthcare Budget IT solutions User End of Support Wireless Technology Wireless Mouse Tablet Retail Proactive Regulations Windows 7 Best Practice Legal Lithium-ion battery Remote Monitoring and Management Display YouTube Business Owner Twitter Net Neutrality Unified Communications Politics Monitors Smart Technology Marketing Travel Google Drive LiFi Software as a Service Websites HIPAA Physical Security Router Going Green Patch Management Taxes Scam Mobile Security Competition Botnet Laptops Identity Theft Augmented Reality Information Technology Samsung Running Cable VPN Humor Meetings IBM Storage Servers Black Friday Scary Stories Relocation Information business network infrastructure Migration RMM Electronic Medical Records Nanotechnology Windows Server Google Wallet Dark Web Webcam Troubleshooting IT Budget Crowdsourcing Cables Dark Data Techology Computing Infrastructure Procurement Cyber Monday Private Cloud Undo Monitoring data services Chatbots IoT User Management Drones Mail Merge Data Warehousing Point of Sale IP Address Alt Codes Phone System Wires Disaster Resistance Alerts SharePoint Identity Remote Worker Statistics flu season Software Tips Error Electronic Health Records Mobile Office Utility Computing Address Microsoft Excel Downloads Typing Proactive IT Cooperation Virtual Assistant Bluetooth Fort Worth Buisness Cyberattacks Update Redundancy Blockchain Corporate Profile Web Server Quick Tips Multi-Factor Security Cryptocurrency Knowledge MSP IT Consulting Staff Voice over Internet Protocol flu shot History Administrator Bookmarks 3D Printing Chromebook Cost Management Permissions WannaCry Cameras Time Management Google Calendar Bitcoin iPhone Experience Law Enforcement Network Congestion Data Breach Flexibility Fort Worth IT Cabling Favorites Unsupported Software Staffing Emoji Management Fraud CCTV Network Management Legislation Windows 8 Gadget Technology Laws Operations Social Networking Manufacturing Hacks DFW IT Service Domains Mobile Data GPS 5G Entrepreneur Enterprise Resource Planning Lenovo VoIP Touchscreen Google Maps Application WPA3 Unified Threat Management Wearable Technology Conferencing Motherboard Proactive Maintenance Current Events Shortcut Disaster Users Public Speaking G Suite Tracking PowerPoint Processors Mobile Superfish Internet Exlporer Digital Fleet Tracking business communications systems Employees Processor Distributed Denial of Service Uninterrupted Power Supply Consumers Motion Sickness Company Culture Google Docs Spyware Technology Tips Laptop Hard Drives Asset Tracking Writing Internet Protocol IT Technicians Zero-Day Threat Personal Information Modem Managed IT Service Solid State Drive Virtual Desktop IT Consultant Vulnerabilities Networking Hotspot How To User Error eWaste Heating/Cooling Comparison Halloween Machine Learning Refrigeration IT Sevices Remote Workers Social Engineering VoIP streamlines Mirgation Backup and Disaster Recovery Computer Repair Cookies Active Directory Break Fix Hard Disk Drive Cleaning Supercomputer Fun Notifications Geography Language Firefox Printer Deep Learning Environment

Top Blog

Let's look at the definition of disaster. dis·as·ter A calamitous event, especially one occurring suddenly and causing great loss of life, damage, or hardship, as a flood, airplane crash, or business failure.To Telesys Voice and Data, a disaster is anything that involves a major loss of data or major downt...