Two file management applications on Google Play, with over 1.5 million installations, have been found to collect and send excessive user data to servers in China. The apps, ‘File Recovery’ and ‘Data Recovery’, identified as ‘com.spot.music.filedate’ and ‘com.file.box.master.gkd’ respectively, were discovered by mobile security solutions company Pradeo. The apps, despite claiming not to collect user data, were found to exfiltrate users’ contact lists, multimedia files, real-time location, mobile country code, network provider name, operating system version number, and device brand and model. Much of this data is not necessary for the apps’ stated functions and was collected without user consent. The apps also hid their home screen icons and could abuse permissions to restart the device and launch in the background. Despite being reported, the apps remained available on Google Play at the time of the report. However, Google later confirmed that they have removed the apps from Google Play. For more details, read the full article [here](https://www.bleepingcomputer.com/news/security/apps-with-15m-installs-on-google-play-send-your-data-to-china/).
To learn more about how you can protect yourself against such attacks, consider seeking advice from cybersecurity consulting services. Visit [Micro Technology](www.microtechnology.us) for more information.