Delete these apps immediately! Beware of apps that steal your photos and videos and sell them to cybercriminals

Delete these apps immediately! Beware of apps that steal your photos and videos and sell them to cybercriminals

Beware if, like millions of people, you've downloaded these two Android apps! They contain spyware that siphons off all your data and sends it to cybercriminals in China.

Despite Google's efforts, the Play Store is full of malicious apps that, under the guise of offering games or useful features, install malware on your smartphone and get your personal data. 

In early July, researchers at Pradeo, a French company specializing in cybersecurity, discovered that two very popular applications, File Recovery & Data Recovery and File Manager, were hiding a powerful spyware program that discreetly takes the contents of your devices and sends them to servers in China. Quite simply, between them, they racked up over 1.5 million downloads, and as many victims.

File Recovery & Data Recovery, File Manager Google Play Store
© Google Play Store

Edited by the same developer, Wang Tom, the two applications take the form of simple utilities: one lets you manage your files, while the other recovers lost data - the last straw! Practical tools, to say the least, and very appealing, especially as their Play Store page states that they do not collect any data from users' devices. As you'd expect, they don't!

These two popular apps are infected with spyware: File Recovery & Data Recovery and File Manager

According to the the research, both applications are particularly aggressive in their data siphoning, to an extent that is rarely observed. Quite simply, they take everything, from seemingly innocuous information to that which is far more sensitive, and do so without you even asking. Spyware has access to your images, videos, audio files, the country code of your telephone network, the name of your telephone operator, the supplier code of your SIM card, but also your real-time location, your list of contacts and associated accounts (e-mail, instant messaging, social networks, banks...), your network provider, the make and model of your device, and even the version number of your operating system. All this information can be used to target your terminal's weak points, spy on you, blackmail you, empty your bank accounts, and steal your identity. Worst of all, all this data is not sent to a single server, but to a "large number" of servers, most of which are located in China.

Both applications have since been removed from the Play Store - despite a slight lack of responsiveness on Google's part. However, if you already have the File Recovery & Data Recovery and File Manager apps installed on your smartphone or tablet, make sure to remove them. They may hide their icon on the home screen.

  • To uninstall them, go to the list of applications in Settings.
  • Next, check all your accounts and change your passwords without delay. We advise you to activate double authentication whenever possible and to keep a close eye on your banking transfers.

Bear in mind that just because you download an application from an official store doesn't mean you're not at risk. It's likely that the cybercriminal has used an installation farm or mobile device emulators to simulate the high number of downloads. That's why we recommend you only install applications you really need and delete those you no longer use. Before downloading, check for any small details that might tip you off: name of developer, authorization requests, etc... In any case, it's best to have an antivirus program running in the background to double-check that malicious behavior isn't at work.