Has your Android been browsing porn sites behind your back?
Most of us are good at hiding our browsing habits when we need to, but it turns out your Android device might be even better at it. Thanks to a malicious app distributed through Google Play, some devices have been browsing porn sites in the background without their owner’s knowledge.
Called Dubsmash 2, the app imitated the hugely-popular dubbing app Dubsmash — which has now been downloaded more than 10 million times on Android — in an effort to fool users into installing it. During its time in the Play Store, it was downloaded between 100,000 and half a million times.
According to security experts Avast, the app was a so-called “porn clicker.” It scheduled a task to run in the background every 60 seconds to automatically download a list of links to various porn sites from an encrypted URL, along with some JavaScript execution code.
“One of the porn links from the list would be launched in the browser and after ten seconds, the JavaScript code (also downloaded from an encrypted URL) was executed, clicking further links within the porn site,” Avast explains.
Another service baked into the malicious app could automatically launch a video inside the YouTube app.
It’s thought the app was developed for financial gain; its developer was likely receiving revenue for ads on each of these sites every time they got a click, so while Android devices were secretly browsing them in the background, they were earning the developer money.
What’s most concerning is that it is difficult to tell when your device is infected. Once installed, there was little evidence of the app because it changed its icon and name to “Settings IS,” and after running for the first time, the icon was automatically removed from the app drawer.
If you think you may have downloaded Dubsmash 2, you can delete it by opening up the Settings app, choosing “Apps,” and then finding “Settings IS” in the “Downloaded” list. Once you’ve found it, tap it, then choose “Uninstall.”
“This app shows that although there are safeguards in place, undesirable apps that fool users can still slip into the Google Play store,” Avast notes.
With that in mind, always double-check that the apps you are downloading are from trusted sources, and that they have good ratings and reviews. If you notice anything suspicious, you should avoid it and choose the “flag as inappropriate” option to report the app to Google.
- SourceAvast