You can’t trust app developers’ privacy claims
How Many App Stores Are There? Detection and Analysis of Facebook-Matrix Apps that are Set up to Harvest User Identities
Both Apple and Google have struggled for years to keep malicious apps out of their official mobile app stores and away from users’ phones. Programs like flashlight apps or photo editing tools can help mask attempts to grab user data or steal login credentials from a legitimate service. Today, Meta said it has found and reported more than 400 apps this year in official app stores that were set up to steal victims’ Facebook credentials.
According to the company, Meta identified many of the apps that have been taken down from the Play store and that they had caught many of them before.
Both companies struggle to police their app stores, and each has its own version of the problem. Users are able to download apps from third-party app stores even if they don’t want them. This makes it even more problematic when malicious apps show up in Play, but it also gives users leeway to source apps where they want to (ideally, if they know they can trust a particular developer). Even though there are less rogue apps in the closediOSecosystem, it is still worth the risk for attackers to sneak their malicious apps in.
When you click on Data Safety, the first thing you see is that the companies don’t share data with third parties. That’s ridiculous—you immediately know something is off,” says Jen Caltrider, Mozilla’s project lead. This data was not going to help people make informed decisions, as a privacy researcher. What’s more, a regular person reading it would most certainly walk away with a false sense of security.”