Two selfie Android apps available on the Google Play store include functionality that records audio without the user’s consent. Both apps pose as selfie camera filters and have been installed over 1.5 million times. The primary activity of the apps is not to spy on users but to aggressively push adware that covers the screen of the Android device. The two apps are Sun Pro Beauty Camera, which has over one million installations, and Funny Sweet Beauty Selfie Camera, which has over 500,000 installations. Apart from the normal permissions required by any app that needs camera access, there were some troubling ones. Among them were SYSTEM_ALERT_WINDOW, which allows the app to overlay arbitrary content. This function could be used for clickjacking purposes or to fool users into inputting personal information. Another worrying permission is RECORD_AUDIO, which allows the app to record audio without the user’s knowledge. Research also found that both apps allow for the use of very intrusive adware.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is