Two file management apps on the Google Play Store have been discovered to be spyware that quietly sends user data to servers in China.

  • @Tankaus
    link
    English
    1251 year ago

    The fishy apps are File Recovery & Data Recovery and File Manager, according to an alert this week from Pradeo, a leading mobile cybersecurity company. The apps, both from the same developer, are programmed to launch without any input from the user and quietly send sensitive user data to servers based in China.

    • eroc1990
      link
      fedilink
      English
      391 year ago

      Thank you for posting this, since OP wasn’t kind enough to include it in the post description.

          • @L3sM
            link
            English
            8
            edit-2
            1 year ago

            Edit: I’ve realized I’m wrong below. A bot is a bot, and mine is no exception. Sorry to anyone who felt deceived, that was not my intention.

            @[email protected] my apologies for not replying, I read your message while updating a bunch of code for the bot and forgot to reply.

            When I made L4s I had gone through Lemmy’s Code of Conduct, and didn’t see where that was required for bots? If I misunderstood the Code of Conduct I will gladly mark it as a bot, or if the admins of lemmy.world clarify to me they want it to be done. Please let me know if you are aware of where it is required, as I want to abide by the the rules here, and don’t want to annoy anyone. Maybe @[email protected] could clear this up for me, I know he is extremely busy though.

            The goal of L4s is to help jump-start communities and content, and I felt 99% of people uncheck “show bot accounts” since they don’t want what would be the equivalent of “automod”, spellchecker bots, etc to show up - not something that’s bringing them content they subscribed to or previously enjoyed on reddit.

            So far it’s helped multiple communities that way (see [email protected] prior to its posts, and a few days after, it’s now the largest “active users” community on all instances), and has sparked a lot of conversations in the posts. The reason I bring that up is most have not complained about the fact it’s not checked, even though I do not hide that it’s a bot in any way, and most enjoy seeing the content it posts. Checking that would mean that those who don’t quite understand there are content bots, would no longer see these posts.

            Also, yes, I’m a mod here. My role irl is very deeply technology related, that is what I enjoy. In my free-time I have been trying to make Lemmy.World one of the best instances as far as content, and helping keep [email protected] on-topic and toxic free.

            • Rentlar
              link
              fedilink
              English
              191 year ago

              I second the suggestion to mark @[email protected] as a bot. Regardless of what the CoC says, it would be unethical not to.

              In this thread people were complaining about how the body contained insufficient information, and the copied title of the article is click bait. A human poster would be able to respond to these concerns whereas a bot cannot.

              I think it would be overall healthier for the Fediverse as a whole if the bot-marking feature was widely respected and exceptions like this not being taken.

              • eroc1990
                link
                fedilink
                English
                121 year ago

                This was my main concern. It felt very low effort and felt like a Reddit karma farmer, not a bot meant to spark discussion within the community. I wouldn’t have had an issue with the content if it was clear that the post was made by a bot.

              • @L3sM
                link
                English
                10
                edit-2
                1 year ago

                Edit: I’ve realized my mistake and will just leave it on, my bot is not above any other, and my goal doesn’t justify not checking the box.

                That’s a fair point, and seeing that a lot of people would prefer it be on, I will probably reconsider my stance regardless of what the admins say.

                • Rentlar
                  link
                  fedilink
                  English
                  61 year ago

                  I still appreciate your work in modding and creating tools that help make Lemmy.world thrive. Thanks for your consideration as well.

              • @L3sM
                link
                English
                -5
                edit-2
                1 year ago

                And respectfully, I don’t think it’s up to you to make that distinction for users that choose to opt out of seeing bot accounts.

                Not to sound rude here, but I feel the same about you asking me to check that box.

                Again, if the admins request me to check it, I will do it - or if the Code of Conduct changes. Lets see what they say in the post you made on [email protected] and go from there.

                I was rude and wrong here.

                • @[email protected]
                  link
                  fedilink
                  English
                  51 year ago

                  Not to sound rude here, but I feel the same about you asking me to check that box.

                  Task failed. These provisions were made with the expectation that individuals such as yourself would act in good faith. It’s alarming to hear that a moderator of any community feels they are above that standard.

            • @techt
              link
              English
              61 year ago

              I agree with the sentiment from the others here, but I also wanted to add that as a general rule, you shouldn’t behave in a way that would be detrimental for the community if everyone did it. Bots should be marked as bots, or the user preference switch to show content from bots is meaningless regardless of how positive or influential you think yours is – as I’m sure most bot creators feel about their own work.

              It’s understandable that you want to have a positive impact, and that is commendable, but your bot shouldn’t be an exception just by your own judgment, especially considering the problems with what the bot is doing that have been pointed out to you.

              Just my take. I would prefer your bot, and all bots, be marked as such irrespective of function.

              • @L3sM
                link
                English
                01 year ago

                Yes. If you keep reading, I acknowledge that. A bot is a bot, mine is no exception.

        • eroc1990
          link
          fedilink
          English
          51 year ago

          I noticed that after my comment. Still a low quality post from a bot seemingly farming for clicks through to articles, where a description summary from a human or better parsing from the bot could have improved the quality of the post.

          • @TheGoldenGod
            link
            English
            61 year ago

            Agreed, the amount of clicks for the article would increase exponentially if they actually added context for those of us who never click these links.

  • @WhoRoger
    link
    English
    151 year ago

    You mean Threads?

    Yes I know… The cheapest shot.

    • iAmTheTot
      link
      fedilink
      41 year ago

      …Why would Threads send your data to China? They make plenty of money off that data domestically.

    • @Gullible
      link
      English
      21 year ago

      deleted by creator

    • @Gullible
      link
      English
      11 year ago

      This is interesting, I cannot reply to iAmTheTot’s comment, but there’s no issue commenting on any other comments. Is it because they’re on kbin?

      • @WhoRoger
        link
        English
        21 year ago

        Yes, replying to kbin doesn’t seem to work

  • @betterdeadthanreddit
    link
    English
    101 year ago

    I’m sure it was an honest mistake. Who hasn’t tried setting up a println("Hello World") and accidentally forwarded all their keylogger data to the CCP?

    • Quik2007
      link
      fedilink
      41 year ago

      my bad, completely forgot to remove that debugging code…

    • @sparemethewearysigh
      link
      English
      13
      edit-2
      1 year ago

      You’d need to make that 1.5 billion to have the article be referring to TikTok.

      Edit: but yes the article could easily be about TikTok, they hoard data just like US social medias, but are part owned by the Chinese government, so it’s even worse.

  • 𝐘Ⓞz҉
    link
    English
    21 year ago

    Why is it bad to send data to China and not to US?

    • @The_Vampire
      link
      English
      11 year ago

      Who said the US wasn’t bad?

      This is just a strawman argument, just because we’re talking about being lit on fire does not mean the alternative of being dipped in acid is good but you know I’d rather not be simultaneously lit on fire while being dipped in acid if I can help it.

  • @xXxDickBonerz69xXx
    link
    English
    21 year ago

    And yet the article doesn’t say which File Manager is the spyware or what the dev is called. Great reporting.

    • iAmTheTot
      link
      fedilink
      181 year ago

      The apps are named in the second paragraph my guy. Literally did not have to scroll after clicking the link to prove you wrong.

      • DarkThoughts
        link
        fedilink
        61 year ago

        Even on a quick glance you can find literally 4 apps called “File Manager” and if you scroll further I’m sure there will be even more.