Apps with 5.8 million Google Play downloads stole users’ Facebook passwords

by
Dan Goodin
from Ars Technica - All content on (#5KTKV)
google-play-800x532.jpeg

Enlarge (credit: Mateusz Slodkowski/SOPA Images/LightRocket via Getty Images)

Google has given the boot to nine Android apps downloaded more than 5.8 million times from the company's Play marketplace after researchers said these apps used a sneaky way to steal users' Facebook login credentials.

In a bid to win users' trust and lower their guard, the apps provided fully functioning services for photo editing and framing, exercise and training, horoscopes, and removal of junk files from Android devices, according to a post published by security firm Dr. Web. All of the identified apps offered users an option to disable in-app ads by logging into their Facebook accounts. Users who chose the option saw a genuine Facebook login form containing fields for entering usernames and passwords.

Then, as Dr. Web researchers wrote:

Read 5 remaining paragraphs | Comments

index?i=MzNoE9lRjJQ:-Cb-4CP3BSc:V_sGLiPB index?i=MzNoE9lRjJQ:-Cb-4CP3BSc:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments