As soccer, er football, fans count down the days to the beginning of the 2014 FIFA World Cup, the international sporting event is already being used to promote shady apps. This week, security company Avast points out several Android apps that aren't what they seem, and we do a quick rundown of other security threats surrounding the 2014 World Cup.
Shady Android Apps
Last week, Avast published a blog post highlighting several World Cup apps that weren't quite what they seemed. All of the profiled apps were available in the Google Play store, but weren't overtly malicious. Of course, that doesn't mean you'd want them on your Android.
The "Corner Kick World Cup 2014" app from developer VinoSports is a tiny app, taking up less than 1MB. That should be a warning sign for all would-be downloaders, because Avast found that this particular app doesn't actually do anything. "[The app] displayed nothing but a white screen, with ads popping up now and then," wrote Avast's Filip Chytry. The developer had several other, identical apps stuffed to the gills with ads on Google Play. Thankfully, all the apps have been removed as of writing.
Avast also profiled "Fifa 2014 Free - World Cup" from developer Top Game Kingdom LLC. The security company found that the app requests access to information that "has nothing to do with the app's function, like location, call log, and to other accounts on the phone." Avast notes that the developer has many apps on Google Play, all of which require a hefty number of permissions. Unlike Corner Kick World Cup 2014, players of Top Game Kingdom's games will actually get a functioning app—though one with the potential to leak their personal information.
Frequent readers of Security Watch will notice that this all sounds very familiar. Developers of free apps frequently include code from ad networks that scrapes personal information from your phone. The ad networks get user data and the developers get a little bit of cash for their free app.
These tactics aren't inherently dangerous, but both can be abused. The VinoSports titles are clearly using abusive advertising tactics, but the Top Game Kingdom LLC titles are trickier. Even if developers and ad networks take great pains to protect personal information, Android users should ask themselves if they really want anyone having that information in the first place. "Always be cautious when giving apps access and make sure the requests make sense depending on what the app does," writes Chytry. "You don't want to carelessly hand over sensitive information that could later be used against you."
Kick Off World Cup 2014 Safely
Fans love a good sporting event, but the bad guys know that as well. We've already seen the World Cup used as part of a Twitter scam. It's a certainty that people are receiving phishing spam and social engineering attacks built around World Cup events, too. Meanwhile, Anonymous is allegedly planning some hacktivist activity in conjunction with the event.
Installing security software on your Android (and home computer) will help keep you safe, but common sense is the best protection. Before downloading any app, look over the permissions it requires and ask yourself if they seem unnecessary. Before clicking a link offering to livestream a game, try to find a safer way to catch the match. Don't let your excitement or team spirit be your undoing.
Of course, you might be in the same camp as John Oliver and believe that FIFA itself is the biggest scam of all.
Like What You're Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Sign up for other newsletters
