File-Storage App 4shared Caught Serving Invisible Ads and Making Purchases Without Consent (techcrunch.com) 64
With more than 100 million installs, file-sharing service 4shared is one of the most popular apps in the Android app store. But security researchers say the app is secretly displaying invisible ads and subscribes users to paid services, racking up charges without the user's knowledge -- or their permission -- collectively costing millions of dollars. From a report: "It all happens in the background... nothing appears on the screen," said Guy Krief, chief executive of London-based Upstream, which shared its research exclusively with TechCrunch. The researchers say the app contains suspicious third-party code that allowed the app to automate clicks and make fraudulent purchases. They said the component, built by Hong Kong-based Elephant Data, downloads code which is "directly responsible" for generating the automated clicks without the user's knowledge. The code also sets a cookie to determine if a device has previously been used to make a purchase, likely as a way to hide the activity.
Re: (Score:3)
Still surprised that people are voluntarily putting their credit card info onto a phone. Maybe engineers are just more paranoid than the general public because we're far too aware of what can go wrong?
Re: (Score:1)
Good point.
This is why I'd never store information on my phone and certainly not in an app.
Because neither Google or Apple are trustworthy. Sorry Microsoft: your phone failed.
Re: (Score:2)
LOL, Microsoft trustworthy... nice troll.
Re: (Score:1)
"because we're far too aware of what can go wrong?"
Can? It's not a can... it's a will, the question is just "when"?
Re: (Score:3)
I'm confused... are you against device miniaturization? Are you saying that general computing devices that fit in your pocket are a bad idea? Maybe you're against online payments in general?
Your statement implies that all engineers are luddites like you, which is patently false. A computer is a computer, regardless of its form factor. Some are more open to hacking than others, but that's not really relevant to the form factor.
I'm happy that I can order food while I'm waiting to be seated at a restaurant. I'
Re:The smartphone has revealed to me... (Score:4, Informative)
On my computer I never tell it to remember my credit card number, there's no one-button push on it that can make a purchase. It's a fundamentally bad idea already to store credit card numbers on your computer, or to have your web browser remember your passwords so that it can auto fill forms for you. So taking those bad practices to the smartphone is just as bad.
Re: (Score:2)
I'm confused... are you against device miniaturization? Are you saying that general computing devices that fit in your pocket are a bad idea?
I'm confused by your post. While the OP mentioned putting CC info on a phone, I don't think he meant "on a phone as opposed to a desktop. I would not put it on a desktop either. Having said that, you are far more likely to be scammed via a phone app because the best scam victims are into phones and not into desktops any more, and even a techie has far less control over a phone than over a desktop. I have absolute control over my desktop (running Linux) but my phone does weird shit without my consent and I
Re: (Score:1)
There's definitely some statistics that favor desktops for being more open and hackable
Lol... the understatement of the year. The difference is vastly more than "some statistics", IMHO. And until it improves (I don't hold my breath, though), personally for me, my primary computing (and financially transacting) device will continue to be a classic PC/laptop , even if I still use mobile devices for various purposes, for which they're suited best.
"Making purchases without consent"... (Score:5, Insightful)
...why not just call it what it is, which is "fraud" and "theft"?
Re: (Score:1, Insightful)
well, you fool, because not everyone without immigration status is "illegal." the criminal statutes only apply in certain situations.
i note you don't call yourself an "illegal driver" when I bet you violated half a dozen traffic laws on the way to work today.
Re: (Score:2)
Re: (Score:2)
For this reason, I don't cross the street outside of a cross-walk.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
TL;DR
When you start off with, "I think it's fascinating ..." you really don't.
Re: (Score:2)
Most apps are just scams ... (Score:1)
I've given up on apps for the most part.
They exist to sell ads, track you, and find creative ways to scam you out of money.
I'd venture that 99% of all apps do very little of what they claim, and do a lot of sneaky shit in the background they don't tell you about .. like this crap.
I just don't download apps any more, I assume they're all written by assholes.
No thanks, I'll google it from a secure browser, which I don't consider a phone to be.