An Android game has been removed from the official Google Play store after it was found to be secretly stealing users’ WhatsApp conversation databases, and offering them for sale on an internet website.
The game, Balloon Pop 2, is nothing to write home about – but behind its simple exterior lies the ability to scoop up private conversations that you may have made via WhatsApp on your Android device, and upload them to a website called WhatsAppCopy.
The attacker can then visit the WhatsAppCopy website, enter the phone number of the Android device they are targeting, and (for a fee) access the private conversations.
Install the game, find your phone, read your conversations
FREE Try it, it works!
The WhatsAppCopy website openly advertises the BalloonPop2 game as a way of “backing up” a device’s WhatsApp conversations.
Of course, the people behind the website and the BalloonPop2 game would probably argue that they are providing a legitimate service to people who want to create a remote backup of their WhatsApp conversations, and it’s not their fault if the game is misused by people trying to snoop on other people’s privacy.
However, if that were really the site’s intentions, wouldn’t it be appropriate if a big fat unavoidable warning message was displayed before the game did its dirty deed – giving users the option to realise what was occurring and opt out if they wanted?
Google clearly takes a dim view of the app, as it has now removed it from the official Google Play Android app store.
But, of course, it’s quite possible that the app will be widely distributed via unofficial stores – and future versions could be distributed using other disguises than a balloon-popping game.
Clearly, there are a few lessons to be learnt here.
One is that just because an app is in the official Google Play store, it cannot necessarily be trusted. Google, unfortunately, has a pretty poor record in policing its Android app store. This isn’t the first time that a dodgy app has been found up there, and it won’t be the last. Google, can you please get your act together? Your chairman’s claims that Androids are more secure than iPhones are laughable.
At least Apple has tight reins over the programs which make it into the iOS store for iPhones and iPads.
Second, WhatsApp needs to get better at security. If Android is going to allow apps like BalloonPop2 to scoop up users’ private conversations, then maybe WhatsApp (and similar programs) need to do a better job of encrypting those conversations on the device itself.
Security researchers at McAfee tell me that they are adding detection of the offending BalloonPop2 application as Android/Ballonpoper for their customers, and I imagine other vendors will follow in due course.
Why is it you mention iOS has tighter control? You fail to
mention BlackBerry or Windows at all. BlackBerry has the tightest
security and there is no debating it. There is many reasons
BlackBerry is struggling. Security is not one of them. 1 of those
reasons though is because media fail to mention BlackBerry when it
can put them in the positive. If BlackBerry is in the bad they are
all over it. In this particular article it's Google in
trouble but the only positive note…. is directed in Apples
direction which is only a half a step ahead of Google and still
bad. Maybe BlackBerry wouldn't struggle so much if media
actually spoke about them positively. Try re-writing this article
and all future articles and compare Googles bad security to all 3
of the major competitors instead of one just slightly better. Note
to readers. This doesn't happen on a BlackBerry. It also
doesn't happen if you use BBM…..on any
platform.
Well said, drizzt09. BlackBerry is not dead yet…