Similar articles
Advertisement
Advertisement
Create a post to Start Earning on Pejoweb.
Learn how it works

Viva-video App Is No Longer Safe! Please Uninstall All The Apps In This Article Until Further Notice



The scourge of Android permission abuse has reared its ugly head again in the latest disclosure from the research team at VPNpro. The new report focuses on a Chinese “spyware” app with more than 100 million installs. Worse, the developer behind the app has other dangerous titles with at least 50 million installs. According to VPNpro, those apps request “dangerous” permissions, and at least one of them is also hiding a malicious remote access trojan.

Beyond the reported technical abuses, the report also highlights the issue of obfuscation—we have seen networks of related developers hiding their links before, and here we have allegations that the Chinese developer masked its origins behind local subsidiaries in presenting apps on Play Store.

Advertisement

There have been multiple reports now into both of these issues. To its credit, Google has pulled networks of apps that abuse permissions or spew adware once installed. The permissions issue, though, is more complex. Google has taken steps to encourage developers to keep in line but that is not enforced. It should be mandatory. There is no excuse for permission abuse that puts hundreds of millions of users at risk for the sake of ruthless monetisation, especially as it also opens the door to much more malicious threats.

Advertisement

The developer in question this time is Hangzhou-based QuVideo Inc, its most popular app being VivaVideo. VPNpro describes this as “one of the biggest free video editing apps for Android, with at least 100 million installs on Play Store.” We shouldn’t be too shocked at the claims the app is up to no good—it was one of 40 Chinese apps listed by the Indian government in 2017 as “either spyware or ‘malicious-ware’.” Military personnel were instructed to delete it immediately.

According to VPNpro, QuVideo has three apps on Play Store, although it appears to be networked to others as well. It also has apps on the iOS App Store, but the permission situation with iOS is different and not open to the same abuse.

There are some permissions VivaVideo needs to function properly—those arguably include the ability to read/write to external drives, albeit once that permission is granted it’s not limited. Why the app would need to know a user’s “specific GPS location,” though is less clearcut. Until, that is, you realise that this permission allows apps “to send your location data up to 14,000 times per day​, even when you’re not using their apps.” We saw the scale of this recently, when the U.S. turned to this type of marketing data for coronavirus phone tracking.

This isn’t an isolated example, of course, VivaVideo’s stablemate VidStatus (50 million installs) “asks for a whopping ​9 dangerous permissions​, including GPS, the ability to read phone state, read contacts, and even go through a user’s call log.” The app was flagged by Microsoft as malware, hiding the AndroRat trojan.

“When we checked​ ​VidStatus on VirusTotal​, it came back positive,” VPNpro warns. “These kinds of trojans can steal people’s bank, cryptocurrency or PayPal funds.” Putting the alleged malware to one side, the permission abuse is enough to warrant immediate deletion and avoidance of these apps.

QuVideo doesn’t make its ownership of ViStatus obvious, but those links can be found. “On the English language version of its website (vivavideo.tv),” VPNpro says, “QuVideo simply lists its company name as ‘VivaVideo’. However, on the Chinese language versions of its site (for both quvideo.com and xiaoying.tv), it goes by Hangzhou Zhuying Technology Co., Ltd.”

Mapping out this small network of apps, VPNpro reports that there are six from the same developer that should be treated with caution. “These apps have ​more than 157 million installs combined​. But the number is likely much bigger—while ​VivaVideo​’s Google Play page shows it has 100 million+ installs, its​ ​’About Us’ page​ shows that it already has 380 million users worldwide.”

  • VivaVideo
  • VivaVideo PRO Video Editor HD
  • SlidePlus – Photo Slideshow Maker
  • Tempo – Music Video Editor with Effects
  • VivaCut – Pro Video Editor APP
  • VidStatus – Status Videos & Status Downloader. 
  • Unless and until Google makes permission adherence mandatory, putting an end to user data factories, or unless and until hundreds of millions of users vote with their feet (or fingers) and stop installing such apps, these dangers will persist.

    As ever, decide if you need the plethora of apps casually installed on your phone. Be especially cautions of apps from China, which is where most of these networks of apps appear to originate. And pay attention to the permissions you grant these apps. If the list of requests seems out of step with the purpose of the app, you would be well advised to avoid installing it on your phone.

    Both QuVideo and Google were approached for comment before publishing.

    Source: Zak Doffman 



    Advertisement



    Log in to Like & Comment

     2 likes
     
     






    esgee8080 (Basic)   4 months ago
    Thanks for the update




    Advertisement

    Articles that may interest you


    Uganda government shutdown all Social Media Platforms Until Further Notice

    Uganda ordered internet service providers to block all social media platforms and messaging apps on Tuesday until further notice, a letter from the co...

     


    #EndSars: Lagos bus service suspends operations until further notice after attack on protesters by thugs

    A statement by LBSL Public Affairs Officer, Afolabi Olawale, on Thursday, October 15, disclosed that Oguntona said the suspension was d...

     


    State government makes U-Turn, orders closure of schools until further notice

    Despite the order made on Thursday, January 14, for the resumption of all private and public schools across the country on January 18, the federal gov...

     


    NOTICE! NOTICE!! NOTICE!!!* 🔊🔊🔊

    *ACCOUNT VERIFICATION FOR SECOND BATCH(NOV 12) HAS STARTED ALREADY*😇_________________________*QUALIFICATIONS*1️⃣ *YOU MUST HAVE YOUR PINKARD*2...

     


    In this article, we will look at 5 footballers who(at one point in their lives)became impoverished after losing their money. NB: This article is only reviewing professional footballers who were broke

    WhatsApp Messenger is an American freeware that is owned by Facebook, Inc. The app is one of the most used messaging app in the world. WhatsApp is use...

     

    Advertisement

    Uploads that may interest you

    cash app

    All Basic Medical Sciences Subjects Flash Cards for Medical Studies and USMLE. This is really useful for medical examinations

    1. ALL.pptx  

    1. ALL.pptx


    ACUTE LYMPHOBLASTIC LEUKEMIA BY Dr. Elio Quesada Gonzalez Consultant Pediatrician

    Andra - Love Can Save It All (Official Video) video download: You know our love can save it all, we've been together for so long So don't give up on who we are, we'll work it out somehow You know a word can change it all I had my doubts but now I know, I wanna be with you for life Each day and every night Because our love can save it all Oh, oh, oh, woah-oh-oh Oh, oh, oh, woah-oh-oh Oh, oh, oh, woah-oh-oh

    All I want is nothing more To hear you knocking at my door 'Cause if I could see your face once more I could die as a happy man I'm sure When you said your last goodbye I died a little bit inside I lay in tears in bed all night Alone without you by my side But If you loved me Why did you leave me...

    Advertisement

    Loading...
     
     | 
     | 
    Policy
     | 
    Pejoweb © 2021