A weather app pre-installed on certain Alcatel smartphones have been found to contain malware that would secretly subscribe owners of these devices to premium phone numbers. According to CNET, a report from mobile security firm Upstream, found that “Weather Forecast-World Weather Accurate Radar” not only came pre-installed on certain smartphones made by Alcatel but also was offered on Google Play Store. The report highlights that the app was installed by more than 10 million people on their Android smartphones.

The interesting part is that the app is being developed by Chinese smartphone maker TCL. Yes, the company responsible for making smartphones under three different brands – Alcatel, BlackBerry and Palm. The malware was discovered when Upstream found a number of transaction attempts blocked by its security platform. These transactions were initiated by the Alcatel Pixi 4 and Alcatel A3 Max handsets in Brazil and Malaysia, Upstream said in its report. These transactions were reportedly for subscriptions to premium phone numbers and Upstream says its Secure-D security platform blocked 27 million subscription attempts generated by TCL’s weather app.

The company says had it not blocked these requests, consumers would have paid $1.5 million in bogus charges to their wireless provider. The app also collected information like a phone’s unique IMEI number, email addresses and geographic locations and sent it to a server in China. The Wall Street Journal also wrote a story about the app and contacted TCL and Google about the app.

Watch: First Look at Kumbh app on JioPhone

The app has been removed from TCL handsets and from the Google Play Store as well. While there is no concrete evidence to point at TCL being responsible, this is another instance where a fraudulent app made it past Google’s scanner and tried to phish money from Android users. These instances raise questions around privacy policy of these Chinese companies and also whether Google is doing enough to secure Android users from such practices.

Go to Source

Leave a Reply

Your email address will not be published.