Hackers gonna hack

Two weeks ago, I was interested in how many Google hits my app name + developer name would have. I was surprised to see a few hundred hits, though most of these were version control logs where r6174 (my dev name back then) would denote a revision name. I have changed my dev name to random6174 in the meantime. Anyway, among those precious real hits, there was a Chinese one that caught my attention. I had heard before that there are Chinese app stores hosting stolen or hacked apps, but I could not believe that an app as little distributed as mine could be a victim of such a thing.

However, not only does that website host a copy of my app without my knowledge, it also appears to be a trojan horse. Here’s how I came to that conclusion:

Some attributes of the listed app entry match mine perfectly, others must have been altered, semi- or even fully-automatically. The developer name, screenshots, app icon and parts of the description text match. The app name, apk file size, and the rest of the description do not. Downloading the apk and examining it also revealed that the hacked version contains some additional resources (some pandas as images, some Chinese symbols on top of buttons). Most interestingly, however, the hacked version requires a number of permissions, including internet connection and a permission that allows loading new packages. To me, this sounds much like a trojan horse.
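The comparison described above can be scripted; the following is an added example, not part of the original post. It diffs the files inside a known-good APK against a suspect copy and lists permission names that appear only in the suspect's manifest. The in-memory sample APKs, their file names and the two permission names (`android.permission.INTERNET`, `android.permission.INSTALL_PACKAGES`) are constructed assumptions; the post does not name the exact permissions.

```python
import hashlib
import io
import re
import zipfile

PERM_UTF8 = re.compile(rb"android\.permission\.[A-Z0-9_]+")
PERM_UTF16 = re.compile(re.escape("android.permission.".encode("utf-16-le"))
                        + rb"(?:[A-Z0-9_]\x00)+")

def entry_hashes(apk):
    """Map each file inside the APK (a zip archive) to its SHA-256 digest."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def manifest_permissions(apk):
    """Heuristic scan of manifest strings (UTF-8 or UTF-16LE), not a full parse."""
    raw = zipfile.ZipFile(io.BytesIO(apk)).read("AndroidManifest.xml")
    return ({m.decode("ascii") for m in PERM_UTF8.findall(raw)}
            | {m.decode("utf-16-le") for m in PERM_UTF16.findall(raw)})

def compare(original, suspect):
    """Report what the suspect copy adds or changes relative to the original."""
    a, b = entry_hashes(original), entry_hashes(suspect)
    new_perms = manifest_permissions(suspect) - manifest_permissions(original)
    return {
        "added_files": sorted(b.keys() - a.keys()),
        "changed_files": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "added_permissions": sorted(new_perms),
    }

def build_apk(files):
    """Constructed sample input: an in-memory zip standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def fake_manifest(perms):
    """Constructed stand-in for the manifest's UTF-16LE string data."""
    return b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in ["orbs"] + perms)

ORIGINAL = build_apk({"AndroidManifest.xml": fake_manifest([]),
                      "classes.dex": b"original code", "res/icon.png": b"icon"})
EXTRA = ["android.permission.INTERNET", "android.permission.INSTALL_PACKAGES"]
SUSPECT = build_apk({"AndroidManifest.xml": fake_manifest(EXTRA),
                     "classes.dex": b"modified code", "res/icon.png": b"icon",
                     "res/panda.png": b"panda"})
print(compare(ORIGINAL, SUSPECT))
```

On real files, read both APKs as bytes and pass them to `compare`; a changed `classes.dex` together with new permissions is the pattern the post describes.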

I will provide more details in future posts. For now, I am planning to activate ProGuard in all future releases of Orbs.
