A famous video editing app has been caught committing serious fraud: VivaVideo reportedly generated fake ad clicks, stole user data and, above all, collected more than 27 million unsolicited subscriptions.
This is not the first time we have seen fraudulent applications in the Play Store, and it will not be the last; there is no doubt that Google has a serious problem detecting malicious software. Ad fraud is becoming more common, as is the abuse of trial subscriptions. And some applications are repeat offenders, as with VivaVideo: this app has already been caught integrating spyware in its code. Now its developers have gone further.
VivaVideo reportedly tries to subscribe users without their knowledge
What the security firm Secure-D has discovered is of enormous importance, and not only because of the application's hidden activity: VivaVideo is an extremely popular app that has been downloaded on more than 100 million Android devices and, above all, has an average rating of 4.4 stars. With figures like these, it is surprising that its code hides functionality dedicated to squeezing each user in the background.
As we said, the developers of VivaVideo have already been caught embedding spyware in the code to steal user data. That was in May of this year, almost six months before Secure-D analyzed the application's background behavior and discovered multiple fraud attempts, all of them very serious.
VivaVideo is a video editing app, as its name says. Even so, it requires more permissions than the task needs, and it also integrates in-app purchases to unlock full use of the software. The problem is that VivaVideo hides advertising fraud from the user, based on opening ads in the background and simulating clicks, a practice that Google is penalizing in particular. And not only that: as Secure-D discovered, VivaVideo tries to charge its users small payments to sign them up for subscriptions, with the intention of earning affiliate commissions. As a final straw, the developers take advantage of the app to capture data from the phone.
As Forbes highlighted, the security firm has put its discovery in the hands of Google, which is investigating it. Our advice: if you installed VivaVideo, remove the application. You can never be too careful.
Via | Upstream