Android app went rogue almost unnoticed and bugged users years after release – Joop

An Android app that didn’t look too bad at first, turned rogue a year later. This is according to a tech blog Ars-Technica. The app, called iRecorder Screen Recorder, secretly recorded the audio and sent it to the developer’s server.

The app first appeared in the Play Store in September 2021. Almost a year later, in August 2022, the app suddenly seemed to have a new feature. Every 15 minutes it powers up to record one minute of sound and send it directly to the developer via an encrypted connection. When the privacy breach was discovered and the app was taken down, it had been downloaded over 50,000 times.

According to the researcher Luke Stefanko evaluation of new applications is regularly insufficient. Developers cheat platforms like Apple and Google as well as users by offering the app as a subscription and leaving fake reviews. Once the app has been available for a while, there is poor oversight to ensure that apps don’t work with existing permissions and introduce new features in the background that aren’t necessarily benign.

Google says it’s currently working on a new update that should tell users each month which apps have changed their data activities. This must be discovered first.