Wandera experts reported that two malicious selfie apps were removed from Google Play, one of which had been listed there for two years: Sun Pro Beauty Camera, installed more than a million times, and Funny Sweet Beauty Selfie Camera, installed more than 500,000 times.
The researchers write that, having studied the applications, they concluded that the permissions the apps requested did not match their stated purpose. The applications showed users intrusive full-screen advertising that earned money for their authors. In addition, the APK files in both cases were protected from analysis by the Chinese packer Ijiami, and its use in simple selfie applications also raised questions.
In addition to the usual permissions that any application with camera access asks for, others were found, including SYSTEM_ALERT_WINDOW. This permission allows the application to display arbitrary content on top of other applications. It can be used to capture taps or to trick users into entering confidential information such as credentials or bank details.
Another strange permission is RECORD_AUDIO, which, as the name implies, allows the application to capture sound from the device's microphone without warning. This suggests that, if desired, the applications could be used for far more than displaying ads.
Because Android 6 (Marshmallow) introduced a mechanism in the OS to combat such abuses, the researchers tested the applications on devices running Android Lollipop, whose market share in May this year was about 14% and in August fell to 8.65%. After starting, both applications created shortcuts and then hid themselves from the user's view, making them difficult to delete. Although both applications showed their victims full-screen ads, they worked slightly differently. For example, the Sun Pro Beauty Camera application did not even need to be launched for the advertisement to fill the entire screen.
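The mismatch between requested permissions and stated purpose can be checked mechanically on a decoded AndroidManifest.xml. The sketch below is an added example, not Wandera's tooling: the camera-app baseline, the function name `audit_manifest` and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for a selfie/camera app (chosen for this example).
CAMERA_APP_BASELINE = {
    "android.permission.CAMERA",
    "android.permission.INTERNET",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# The two permissions the article singles out, with the risk it describes.
HIGH_RISK = {
    "android.permission.SYSTEM_ALERT_WINDOW":
        "draws over other apps (tap capture, fake credential prompts)",
    "android.permission.RECORD_AUDIO":
        "captures microphone audio",
}

# Constructed sample manifest; not taken from either removed app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.selfiecam">
    <uses-sdk android:minSdkVersion="16" android:targetSdkVersion="22"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>
""".strip()


def audit_manifest(xml_text, baseline=CAMERA_APP_BASELINE):
    """Return (findings, install_time_grant) for a decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    requested.discard(None)  # ignore malformed entries without a name
    findings = [
        (perm, HIGH_RISK.get(perm, "outside the baseline for this app category"))
        for perm in sorted(requested - baseline)
    ]
    # An app targeting API < 23 receives its permissions at install time,
    # so the runtime prompts added in Android 6 do not protect the user.
    sdk = root.find("uses-sdk")
    target = sdk.get(ANDROID_NS + "targetSdkVersion") if sdk is not None else None
    install_time_grant = target is not None and int(target) < 23
    return findings, install_time_grant


if __name__ == "__main__":
    for perm, reason in audit_manifest(SAMPLE_MANIFEST)[0]:
        print(f"UNEXPECTED {perm}: {reason}")
```

The manifest inside an APK is binary XML, so it has to be decoded to text first (for example with apktool) before this parser can read it.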